http://www.guninski.com/signedactivex2.html
which shows introducing old buginess.
How irresponsible of micro$oft to not warn their luser base back then about the real solution.
Anyway, lusers may think twice when marketoids claim Paladium and its signatures are good things, lol.
Georgi Guninski
http://www.guninski.com
Paul Szabo wrote:
Microsoft security bulletin http://www.microsoft.com/technet/security/bulletin/ms02-065.asp contains the caveat "a patched system could be made vulnerable again [by] visit a web site or open an HTML mail". We have a execute-any-code vulnerability, exploitable by a Web page or email; the patch can be undone by a Web page or email. Just as exploitable after the patch.Is this what Microsoft calls "responsible disclosure"? Cheers, Paul Szabo - [EMAIL PROTECTED] http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia PS: The above applies to IE only; I know that the patch is needed also for IIS and maybe others. Do not let details get in the way of a good story. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
