[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
- To: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
- From: "BillyBob" <billybobknob@xxxxxxxxxxx>
- Date: Thu, 2 Dec 2004 09:06:41 -0400
Does anyone know why Microsoft does not have this patch available for XP (no
SP) running IE6 ?
I know this system is vulnerable to the IFRAME exploit as I tested it.
Bill
----- Original Message -----
From: "Berend-Jan Wever" <skylined@xxxxxxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Wednesday, December 01, 2004 8:49 PM
Subject: [Full-Disclosure] Official IFRAME patch - make sure it installs
correctly
> The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
>
> *** Make sure you are patched after installing ***
> I installed it using "Automatic Updates" (on Win2ksp4), rebooted and
loaded my InternetExploiter.html: IT STILL WORKED!!
> Even though both "Automatic Updates" and
"http://windowsupdate.microsoft.com"; reported that I was patched!?!
> I manually downloaded the exe and ran it, rebooted and now I'm finally
truely patched.
>
> It might just have been a glitch on my system, but you might wanna check
anyway: InternetExploiter.html can still be downloaded from my website.
>
> Berend-Jan Wever
> <skylined@xxxxxxxxxxxxxxx>
> http://www.edup.tudelft.nl/~bjwever
> SkyLined in #SkyLined on EFNET
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html