|
Bugtraq
mailing list archives
IE bug not fixed - update
From: "Brian Taylor" <brian () socnet freeserve co uk>
Date: Mon, 26 Aug 2002 23:57:06 -0700
Microsoft Baseline security analyser shows a red cross against "MS02-008,
XMLHTTP Control Can Allow Access to Local Files" on both my systems, and
this is backed up by the exploit http://jscript.dk/Jumper/xploit/xmlhttp.asp
is working on both my systems despite reapplying the required patch many
times in the past and then installing the latest IE patch that should also
of fixed it.
The bug shown on the following pages is not fixed
http://online.security.com/bid/3699
I have 2 computers running Win XP Pro & IE6, both systems have all =
updates installed via the Windows Update including Q323759: August, 2002 =
Cumulative Patch for Internet Explorer 6 (Windows XP), installed on 23 =
Aug 02.
Yet the page http://jscript.dk/Jumper/xploit/xmlhttp.asp still allows =
local file reading on both computers, which was ment to be patched in =
MS02-008.
If you need any details, computer config, dll versions etc just drop me =
a mail and I will get you detailed compuer hardware and software info.
Can you confirm the existance of this bug on your test systems.
Thanks
Brian
 By Date 
By Thread
Current thread:
- IE bug not fixed - update Brian Taylor (Aug 27)
|
Intro
