Vulnerability Development: RE: [ALERT] Remote File Execution By Web or Mail: Internet Explorer

["Ben Smee" <Ben.Smee () optus net au>]

is it just me or can you not conceive of anyway to protect yourself now
that you do know about the problem?

forewarned is forearmed.

--------------------
Benjamin Smee
Technical Specialist
Optus Business Operations (NAC)
"YES" OPTUS
ben.smee () optus net au
Tel: +61-2-93420091
Fax: +61-2-93420998

Perilous to all of us are the devices of an art deeper than we possess
ourselves.
-- Gandalf the White 

> -----Original Message-----
> From: Mariusz Mazur [mailto:mariusz () isn pl] 
> Sent: Friday, 23 November 2001 6:10 AM
> To: vuln-dev () securityfocus com
> Subject: Re: [ALERT] Remote File Execution By Web or Mail: 
> Internet Explorer
>
>
> On 2001-11-21 hush.little.baby () hushmail com wrote the folowyng:
>
> [moderator: since this will probably cause many people to 
> start the nda vs full disclosure debate so I guess you won't 
> let it trough. So if you don't, it would be nice to give a 
> tip to the list.]
>
>
> Ok... So we know that there is a bug... It's a critical one, 
> ppl can "turn it off" by editing something in the registry 
> and Microsoft is working hard to fix it. Oh... and we know 
> that for the next 60 days some people can cause some damage 
> to me and I have no way to protect myself.
>
> Is this just me or maybe more people think that releasing 
> this "advisory" (though this should be called "intimidator") 
> was completely irresponsible and plain stupid?
>
>
> hlbhc> -----BEGIN PGP SIGNED MESSAGE-----
>
> hlbhc> NOMEN NESCIO SECURITY ALERT #9000989 666
>
> hlbhc> Topic: Remote File Execution By Web or Mail: Internet Explorer
>
> hlbhc> Severity: Critical
>
> hlbhc> Datum: 2001-11-21
>
> ---snip---
>
>
>
> -- 
> Mariusz Mazur
> "One Ring to bring them all and in the darkness bind them"
> rem begin  JenniferLopez_Naked.jpg.vbs :)