Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Groundhog Day - IE Critical Update

  • 03-02-2004 11:47am
    #1
    Capt'n Midnight
    Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 92,986 Mod ✭✭✭✭


    "This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates the following three newly*-discovered vulnerabilities:"

    *newly is apparantly microspeak for proven to have existed for at least three months

    A vulnerability that involves the cross-domain security model of Internet Explorer.
    This vulnerability could allow a file to be saved in a target location on the user's system if the user clicked a link But M$ say Ok unless the user clicks on a web pageand even then the downloaded file won't run. - ulness saved in any of the N autostart locations - media player anyone ?
    A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL Great for Phishing(SP) and spoofing web sites etc.

    http://eu.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS04-004.asp

    "If an attacker exploited these vulnerabilities, they would gain only the same privileges as the user." -Don't M$ realise that in XP you more or less have to power user or even admin rights to get lots of sw working ???


    /RANT

    It fixes a couple of big holes and exploits

    ie6 SP1 link (not 64bit or 2003server) 2,840KB
    http://eu.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en

    (this one might work better if you have netleach / DA etc. and the server keeps resetting)
    http://download.microsoft.com/download/9/b/3/9b3f16b4-a907-468b-8283-c050d1ea4948/Q832894.exe


Comments

  • #2
    Hecate
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭Hecate


    took them long enough.... that url parsing vuln was discovered months ago.


Advertisement