[thelist] IE Security Hole
Jon Hall
jonhall at ozline.net
Thu Feb 21 11:49:00 CST 2002
It was first posted to Bugtraq around the 10th of January. I believe this
was fixed in the newest IE patch, but I'm not 100% about that. So it has
"made it into the news." It's the ones that haven't been fixed and are much
more dangerous that are problems. If you want a 100% secure browser, your
only real option is to not use IE.
http://www.osioniusx.com - IE PopUp OBJECT Advisory
jon
----- Original Message -----
From: "Ben Ewing" <bewi at haestad.com>
To: <thelist at lists.evolt.org>
Sent: Thursday, February 21, 2002 12:37 PM
Subject: [thelist] IE Security Hole
> Has anyone seen this yet? I haven't seen notice of it anywhere else.
>
> A security hole in MS IE 5 and 6 with Win NT, 2000, or XP allows a
malicious site to open a DOS command window and execute anything it wants.
>
> Posted on this Hungarian site...
> http://www.kurt.hu/indexx.htm
>
> Click the link in the box labeled '2002.02.20 Internet Explorer bug!'
>
> Warning: They do pop up a command window when you go to the site. They
don't do anything malicious, but if you don't want it to happen, disable
active scripting before you go there.
>
> Seems strange though that such a big bug hasn't made it into the news
somewhere.
More information about the thelist
mailing list