lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.10.10303141712230.26674-100000@users.junebug.org>
Date: Fri, 14 Mar 2003 17:45:42 -0500 (EST)
From: Ken Fischer <kenf@...rs.junebug.org>
To: bugtraq@...urityfocus.com
Subject: Unknown trust error when downloading ocget.dll


Greetings, 

We have run into a problem this afternoon with the copy of 
ocget.dll that is located at:
 http://codecs.microsoft.com/objects/ocget.dll

It seems that it is either signed improperly, or not at all. 

This .dll is loaded automatically by IE when .cab files are 
downloaded from the server.  Usually it is transparent, if 
the signature is ok.  Since that is no longer the case, our
users are getting an access denied message due to the security
settings on their browser.

Since ocget.dll is not really a required download, according to Microsoft
( http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b323207 )
the pages still display correctly.  

The users are still blaming our programmers for the problem, of course :) 
Not to mention the possible security implications here.

Is anyone else seeing this behavior? 

( Verified on: Win2K/IE5.5-SP2, Win2K/IE6.0-SP1 and WinXP/IE6.0 )

Thanks. 

--
Ken Fischer, CCNA  <kenf@...ebug.org>
PGP Fingerprint: 9523 54B6 D67B BBFB 53B3  2F3B 7E81 0891 C495 CB50
--





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ