lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <9B66BBD37D5DD411B8CE00508B69700F033F21A0@pborolocal.rnib.org.uk> From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk) Subject: Outlook Express Remote Code Execution in Pr eview Pane (S/MIME) On a related note, does anyone know why IE6 SP1 has become a "critical" update for Windows 2000? Is there something else about IE6 SP1 that Microsoft isn't letting on about? - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk Theories of evolution are like buses - there'll be another one along in a minute > -----Original Message----- > From: David Vincent [mailto:david.vincent@...htyoaks.com] > Sent: 11 October 2002 07:21 > To: 'HggdH'; full-disclosure@...ts.netsys.com > Subject: RE: [Full-Disclosure] Outlook Express Remote Code > Execution in > Pr eview Pane (S/MIME) > > > >Nevertheless, there is still something bothering me: if you > look at the IE > 6 > >SP1 fix list (linked from > >http://support.microsoft.com/default.aspx?scid=kb;en-us;Q3264 > 89), there is > >absolutely no reference to this problem. > > > >So, Microsoft addressed a critical problem in the service > pack, but decided > >to keep silent about it until now. > > > >I wonder what else has been hidden. > > > i've been wondering the same thing. they also rolled a > remote desktop fix > into xp sp1 and later released a patch for w2k and xp. > > lesee... remember this? > > ----- > > Title: Cryptographic Flaw in RDP Protocol can Lead to > Information Disclosure (Q324380) > Released: 18 September 2002 > Software: Microsoft Windows 2000 > Microsoft Windows XP > Impact: Two vulnerabilities: information disclosure, denial of > service > Max Risk: Moderate > Bulletin: MS02-051 > > ----- > > and then... > > ----- > > http://www.microsoft.com/technet/treeview/default.asp?url=/tec hnet/security/ bulletin/MS02-051.asp Additional information about this patch Installation platforms: The patch for Windows 2000 can be installed on systems running Windows 2000 Service Pack 2 or Windows 2000 Service Pack 3. The patch for Windows XP can be installed on systems running Windows XP Gold. Inclusion in future service packs: The fix for this issue will be included in Windows 2000 Service Pack 4. The fix for this issue is included in Windows XP Service Pack 1. ----- -d _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk
Powered by blists - more mailing lists