[thelist] IE Security Hole

Ezra S F ezrasf at yahoo.com
Thu Feb 21 18:17:00 CST 2002 

I don't see anything about this in Microsoft's Security Bulletins.

	http://www.microsoft.com/technet/security/current.asp

The 2002 Feb 11 Cumulative patch does not mention anything about the
ability to open a command shell to execute commands that I saw.


http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS02-005.asp

This is the only IE patch I see for this year.

Ezra S Freelove
Computer Supp Spec, Web Services
Information Technology               |            229-333-5974
Valdosta State University            |          ICQ:  41079071
http://www.valdosta.edu/~esfreelo/   |   esfreelo at valdosta.edu



-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org] On Behalf Of Jon Hall
Sent: Thursday, February 21, 2002 12:49 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] IE Security Hole


It was first posted to Bugtraq around the 10th of January. I believe
this
was fixed in the newest IE patch, but I'm not 100% about that. So it has
"made it into the news." It's the ones that haven't been fixed and are
much
more dangerous that are problems. If you want a 100% secure browser,
your
only real option is to not use IE.

http://www.osioniusx.com -  IE PopUp OBJECT Advisory

jon
----- Original Message -----
From: "Ben Ewing" <bewi at haestad.com>
To: <thelist at lists.evolt.org>
Sent: Thursday, February 21, 2002 12:37 PM
Subject: [thelist] IE Security Hole


> Has anyone seen this yet?  I haven't seen notice of it anywhere else.
>
> A security hole in MS IE 5 and 6 with Win NT, 2000, or XP allows a
malicious site to open a DOS command window and execute anything it
wants.
>
> Posted on this Hungarian site...
> http://www.kurt.hu/indexx.htm
>
> Click the link in the box labeled '2002.02.20 Internet Explorer bug!'
>
> Warning:  They do pop up a command window when you go to the site.
They
don't do anything malicious, but if you don't want it to happen, disable
active scripting before you go there.
>
> Seems strange though that such a big bug hasn't made it into the news
somewhere.


--
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

More information about the thelist mailing list