[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAEGgfWgbuhr1HPFRKUt23hw-i4RXWYiHYSwvZqLjK2sN3ViDSA@mail.gmail.com>
Date: Tue, 12 Jan 2016 16:12:53 +0000
From: Patrick Toomey <ptoomey3@...sedcoin.com>
To: fulldisclosure@...lists.org
Subject: [FD] Whatever happened with CVE-2015-0072?
It seems that this issue was originally disclosed here:
http://seclists.org/fulldisclosure/2015/Feb/0. Eventually a CVE was
assigned: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072 and
then MSFT released a patch:
https://technet.microsoft.com/en-us/library/security/ms15-018.aspx. But,
according to https://blog.innerht.ml/ie-uxss/ (and local testing) it
remains unpatched for Windows 8.1 on IE 11. Do anyone have any insight into
what happened? I haven't seen any follow up to the issue as to why the
patch didn't work (did it ever work and there was a regression or was the
patch always broken)? And, more importantly, has there been any followup
from MSFT? It would seem that Windows 8.1/IE 11 are still eligible for
security updates, so I'm scratching my head on the lack of
communication/patches here.
Thanks!
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists