'Re: New IE6 security hole'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    Re: New IE6 security hole
From:       "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell ! net>
Date:       2005-06-10 14:01:06
Message-ID: 42A99D22.70406 () pacbell ! net
[Download RAW message or body]

And when I forwarded your email to Secure@microsoft.com [which is what 
YOU should have done rather than posting it all over the place] this is 
what they posted back to me:

- Microsoft is aware of a public report of a vulnerability affecting
Internet Explorer.  The report indicates that Internet Explorer's
default behavior could allow a web page to not display script code when 
a user attempts to view the source of the page.  
- Our investigation reveals that the behavior described in the public
report is not a vulnerability in the browser. Instead, this is a well
known capability of dynamic html (DHTML) and is a standard feature of
most browsers including Internet Explorer.
- Microsoft is concerned that some security researchers may not know the 
appropriate email alias to report security vulnerabilities to the
Microsoft Security Response Center.  Secure@microsoft.com is the public 
email alias for reporting security vulnerabilities to Microsoft.

- We continue to encourage all security researchers to work with
Microsoft on a confidential basis so that we can work together in
partnership to help protect Microsoft's customers and not put them at
unnecessary risk.

- We continue to encourage customers follow our Protect Your PC guidance 
of enabling a firewall, getting software updates, and installing 
antivirus software. Customers can learn more about these steps at 
www.microsoft.com/protect.
-------------------------------------------

In your contact database... put in secure@microsoft.com and next 
time...use that instead.


Development SeniorenNet wrote:

> Hi,
> 
> 
> 
> I discovered a NEW security hole / exploit in IE6 with SP2 and all the 
> latest security patches.
> 
> 
> 
> Overview of the exploit:
> 
> a.. Bug for all Microsoft Internet Explorer users
> b.. Can be abused by hackers to run harmful JavaScript code and can 
> be abused to mislead existing protection against harmful JavaScript 
> code, like software from Norton, McAfee,.
> c.. Can be abused to mislead the search engines Google, MSN, Yahoo, 
> AltaVista,.
> d.. Unpleasant for JavaScript programmers
> 
> 
> I searched the net about the bug but found nothing, so I really think 
> it is a NEW bug.
> 
> 
> 
> All the information about the new bug (info, exploit,.) , see the page 
> http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php \
>  
> 
> 
> 
> 
> 
> Best regards,
> 
> Pascal Vyncke
> 
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic