<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Still Vulnerable in MSIE

Still Vulnerable in MSIE

From: Greg Kujawa <greg.kujawa_at_diamondcellar.com>
Date: 14 May 2004 14:36:49 -0000

('binary' encoding is not supported, stored as-is) With the latest vendor AV definitions and all of the Microsoft Security Updates my MSIE 6 application still was vulnerable to some apparent cross-site scripting exploit. I was hit with one of the many Agobot variants when exiting a site detailing some IE vulnerabilities (http://www.hnc3k.com). The site exit led to a series of pop-up and pop-under ads.

All of these site redirects apparently resulted in a www2.flingstone.com site dropping in a infamous.exe file onto my computer. All the while I saw no prompts to download or execute anything whatsoever. All I did was close the windows that were coming up.

Just an FYI since even the latest updates on all fronts cannot ensure peace of mind.
Received on May 14 2004

This message: [ Message body ]
Next message: Boren, Rich (SSRT): "[security bulletin] SSRT3613 rev.0 HP-UX B6848AB GTK+ Support Libraries - elevated privileges"
Previous message: Trustix Security Advisor: "TSLSA-2004-0027 - apache"
Next in thread: Thor Larholm: "RE: Still Vulnerable in MSIE"
Maybe reply: Thor Larholm: "RE: Still Vulnerable in MSIE"
Maybe reply: Drew Copley: "RE: Still Vulnerable in MSIE"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]