Re: [Full-Disclosure] MS04-004??

[Paul Tinsley]

It would seem I was actually quite wrong, it doesn't just fix the url 
spoofing problem which is actually %01 not %00, duh.  Anyway...  The 
fixes in MS04-004 are very similar to MS03-048 (so similar they copy and 
pasted most of the bulletin,) BUT they are new vulnerabilities with the 
same end state: remote code execution.  Further adding to the reasoning 
for an out of cycle release.  I personally think they should make this 
more clear, looking at MS03-048 and MS04-004 side by side makes you 
think they just kept the rollup verbage and added the URL fix.

See CVE for more info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1027
David Vincent wrote:

They finally have a fix for the url spoofing problem (%00) 
and updated a 
previous IE roll up to cover it.  I have seen reference to this bug 
being used in the wild already, which meets Microsoft's out of cycle 
release criteria.
   

it also seems to have fixed the damn annoying scrolling bug.

-d

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html