| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Mar 2003 17:45:42 -0500 (EST) From: Ken Fischer <kenf@...rs.junebug.org> To: bugtraq@...urityfocus.com Subject: Unknown trust error when downloading ocget.dll Greetings, We have run into a problem this afternoon with the copy of ocget.dll that is located at: http://codecs.microsoft.com/objects/ocget.dll It seems that it is either signed improperly, or not at all. This .dll is loaded automatically by IE when .cab files are downloaded from the server. Usually it is transparent, if the signature is ok. Since that is no longer the case, our users are getting an access denied message due to the security settings on their browser. Since ocget.dll is not really a required download, according to Microsoft ( http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b323207 ) the pages still display correctly. The users are still blaming our programmers for the problem, of course :) Not to mention the possible security implications here. Is anyone else seeing this behavior? ( Verified on: Win2K/IE5.5-SP2, Win2K/IE6.0-SP1 and WinXP/IE6.0 ) Thanks. -- Ken Fischer, CCNA <kenf@...ebug.org> PGP Fingerprint: 9523 54B6 D67B BBFB 53B3 2F3B 7E81 0891 C495 CB50 --
Powered by blists - more mailing lists