[thelist] IE Security Hole
Ezra S F
ezrasf at yahoo.com
Thu Feb 21 18:17:00 CST 2002
I don't see anything about this in Microsoft's Security Bulletins.
http://www.microsoft.com/technet/security/current.asp
The 2002 Feb 11 Cumulative patch does not mention anything about the
ability to open a command shell to execute commands that I saw.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS02-005.asp
This is the only IE patch I see for this year.
Ezra S Freelove
Computer Supp Spec, Web Services
Information Technology | 229-333-5974
Valdosta State University | ICQ: 41079071
http://www.valdosta.edu/~esfreelo/ | esfreelo at valdosta.edu
-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org] On Behalf Of Jon Hall
Sent: Thursday, February 21, 2002 12:49 PM
To: thelist at lists.evolt.org
Subject: Re: [thelist] IE Security Hole
It was first posted to Bugtraq around the 10th of January. I believe
this
was fixed in the newest IE patch, but I'm not 100% about that. So it has
"made it into the news." It's the ones that haven't been fixed and are
much
more dangerous that are problems. If you want a 100% secure browser,
your
only real option is to not use IE.
http://www.osioniusx.com - IE PopUp OBJECT Advisory
jon
----- Original Message -----
From: "Ben Ewing" <bewi at haestad.com>
To: <thelist at lists.evolt.org>
Sent: Thursday, February 21, 2002 12:37 PM
Subject: [thelist] IE Security Hole
> Has anyone seen this yet? I haven't seen notice of it anywhere else.
>
> A security hole in MS IE 5 and 6 with Win NT, 2000, or XP allows a
malicious site to open a DOS command window and execute anything it
wants.
>
> Posted on this Hungarian site...
> http://www.kurt.hu/indexx.htm
>
> Click the link in the box labeled '2002.02.20 Internet Explorer bug!'
>
> Warning: They do pop up a command window when you go to the site.
They
don't do anything malicious, but if you don't want it to happen, disable
active scripting before you go there.
>
> Seems strange though that such a big bug hasn't made it into the news
somewhere.
--
For unsubscribe and other options, including
the Tip Harvester and archive of thelist go to:
http://lists.evolt.org Workers of the Web, evolt !
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the thelist
mailing list