Vulnerability Development: Re: New IE6 security hole

Re: New IE6 security hole

From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] <sbradcpa_at_pacbell.net>
Date: Fri, 10 Jun 2005 07:01:06 -0700

And when I forwarded your email to Secure_at_microsoft.com [which is what
YOU should have done rather than posting it all over the place] this is
what they posted back to me:

- Microsoft is aware of a public report of a vulnerability affecting
Internet Explorer. The report indicates that Internet Explorer's
default behavior could allow a web page to not display script code when
a user attempts to view the source of the page.
- Our investigation reveals that the behavior described in the public
report is not a vulnerability in the browser. Instead, this is a well
known capability of dynamic html (DHTML) and is a standard feature of
most browsers including Internet Explorer.
- Microsoft is concerned that some security researchers may not know the
appropriate email alias to report security vulnerabilities to the
Microsoft Security Response Center. Secure_at_microsoft.com is the public
email alias for reporting security vulnerabilities to Microsoft.

- We continue to encourage all security researchers to work with
Microsoft on a confidential basis so that we can work together in
partnership to help protect Microsoft's customers and not put them at
unnecessary risk.

- We continue to encourage customers follow our Protect Your PC guidance
of enabling a firewall, getting software updates, and installing
antivirus software. Customers can learn more about these steps at
www.microsoft.com/protect.
-------------------------------------------

In your contact database... put in secure_at_microsoft.com and next
time...use that instead.

Development SeniorenNet wrote:

> Hi,
>
>
>
> I discovered a NEW security hole / exploit in IE6 with SP2 and all the
> latest security patches.
>
>
>
> Overview of the exploit:
>
> a.. Bug for all Microsoft Internet Explorer users
> b.. Can be abused by hackers to run harmful JavaScript code and can
> be abused to mislead existing protection against harmful JavaScript
> code, like software from Norton, McAfee, ...
> c.. Can be abused to mislead the search engines Google, MSN, Yahoo,
> AltaVista, ...
> d.. Unpleasant for JavaScript programmers
>
>
> I searched the net about the bug but found nothing, so I really think
> it is a NEW bug.
>
>
>
> All the information about the new bug (info, exploit, ...), see the page
> http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php
>
>
>
>
>
>
> Best regards,
>
> Pascal Vyncke
>
>
Received on Jun 10 2005
