[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?

To: "Tim" <tim-security@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
From: "Marc Ruef" <maru@xxxxxxx>
Date: Wed, 3 Sep 2003 08:50:36 +0200

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear List,

> This is helpful.  In addition, thanks to a file format breakdown by
> Caraciola I was able to more reliably crash my IE.  By taking the last
> [...]

It seems that there is a real and new security hole existent.

I sent an email to secure@xxxxxxxxxxxxx, so that they can verify the
existence of the bug and publish a bugfix.

Yours,

Marc Ruef

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBP1WPaxe5hzJzqVMhEQJpAQCgnpIsmzd+S9/ojzPPpk4yK1eSlYUAnRXB
JPOogM7aV3m2WHXXez5ClncO
=498J
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] Snort on a Bootable FreeBSD CD to catch Nachi, Blaster & Sobig
  - From: Justin Tan

Prev by Date: [Full-Disclosure] Code executing in McAfee's virus information websites
Next by Date: [Full-Disclosure] MDKSA-2003:088 - Updated pam_ldap packages fix vulnerability with pam filtering
Previous by thread: RE: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
Next by thread: [Full-Disclosure] Snort on a Bootable FreeBSD CD to catch Nachi, Blaster & Sobig
Index(es):
- Date
- Thread