Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Official IFRAME patch - make sure it installs correctly
From: "BillyBob" <billybobknob () hotmail com>
Date: Thu, 2 Dec 2004 09:06:41 -0400

Does anyone know why Microsoft does not have this patch available for XP (no
SP) running IE6 ?
I know this system is vulnerable to the IFRAME exploit as I tested it.

Bill

----- Original Message -----
From: "Berend-Jan Wever" <skylined () edup tudelft nl>
To: <full-disclosure () lists netsys com>; <bugtraq () securityfocus com>
Sent: Wednesday, December 01, 2004 8:49 PM
Subject: [Full-disclosure] Official IFRAME patch - make sure it installs
correctly


The IFRAME vulnerability has been patched, see
http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx

*** Make sure you are patched after installing ***
I installed it using "Automatic Updates" (on Win2ksp4), rebooted and
loaded my InternetExploiter.html: IT STILL WORKED!!
Even though both "Automatic Updates" and
"http://windowsupdate.microsoft.com"; reported that I was patched!?!
I manually downloaded the exe and ran it, rebooted and now I'm finally
truely patched.

It might just have been a glitch on my system, but you might wanna check
anyway: InternetExploiter.html can still be downloaded from my website.

Berend-Jan Wever
<skylined () edup tudelft nl>
http://www.edup.tudelft.nl/~bjwever
SkyLined in #SkyLined on EFNET


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault