List: vuln-dev
Subject: Re: New IE6 security hole
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell ! net>
Date: 2005-06-10 14:01:06
Message-ID: 42A99D22.70406 () pacbell ! net
And when I forwarded your email to Secure@microsoft.com [which is what
YOU should have done rather than posting it all over the place] this is
what they posted back to me:
- Microsoft is aware of a public report of a vulnerability affecting
Internet Explorer. The report indicates that Internet Explorer's
default behavior could allow a web page to not display script code when
a user attempts to view the source of the page.
- Our investigation reveals that the behavior described in the public
report is not a vulnerability in the browser. Instead, this is a well
known capability of dynamic HTML (DHTML) and is a standard feature of
most browsers including Internet Explorer.
- Microsoft is concerned that some security researchers may not know the
appropriate email alias to report security vulnerabilities to the
Microsoft Security Response Center. Secure@microsoft.com is the public
email alias for reporting security vulnerabilities to Microsoft.
- We continue to encourage all security researchers to work with
Microsoft on a confidential basis so that we can work together in
partnership to help protect Microsoft's customers and not put them at
unnecessary risk.
- We continue to encourage customers to follow our Protect Your PC guidance
of enabling a firewall, getting software updates, and installing
antivirus software. Customers can learn more about these steps at
www.microsoft.com/protect.
-------------------------------------------
In your contact database... put in secure@microsoft.com and next
time...use that instead.
Development SeniorenNet wrote:
> Hi,
>
>
>
> I discovered a NEW security hole / exploit in IE6 with SP2 and all the
> latest security patches.
>
>
>
> Overview of the exploit:
>
> a.. Bug for all Microsoft Internet Explorer users
> b.. Can be abused by hackers to run harmful JavaScript code and can
> be abused to mislead existing protection against harmful JavaScript
> code, like software from Norton, McAfee, ...
> c.. Can be abused to mislead the search engines Google, MSN, Yahoo,
> AltaVista, ...
> d.. Unpleasant for JavaScript programmers
>
>
> I searched the net about the bug but found nothing, so I really think
> it is a NEW bug.
>
>
>
> All the information about the new bug (info, exploit, ...), see the page
> http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php
>
>
>
>
>
>
> Best regards,
>
> Pascal Vyncke
>
>