lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: david.vincent at (David Vincent)
Subject: Outlook Express Remote Code Execution in Pr
	eview Pane (S/MIME)

>Nevertheless, there is still something bothering me: if you look at the IE
>SP1 fix list (linked from
>;en-us;Q326489), there is
>absolutely no reference to this problem.
>So, Microsoft addressed a critical problem in the service pack, but decided
>to  keep silent about it until now.
>I wonder what else has been hidden.

i've been wondering the same thing.  they also rolled a remote desktop fix
into xp sp1 and later released a patch for w2k and xp.

lesee...  remember this?


Title:      Cryptographic Flaw in RDP Protocol can Lead to 
            Information Disclosure (Q324380)
Released:   18 September 2002
Software:   Microsoft Windows 2000 
            Microsoft Windows XP
Impact:     Two vulnerabilities: information disclosure, denial of 
Max Risk:   Moderate
Bulletin:   MS02-051


and then...


Additional information about this patch
Installation platforms: 

The patch for Windows 2000 can be installed on systems running Windows 2000
Service Pack 2 or Windows 2000 Service Pack 3. 
The patch for Windows XP can be installed on systems running Windows XP
Inclusion in future service packs:

The fix for this issue will be included in Windows 2000 Service Pack 4. 
The fix for this issue is included in Windows XP Service Pack 1. 



Powered by blists - more mailing lists