[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XML scripting in IE, Outlook Express

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: XML scripting in IE, Outlook Express
From: Francis Favorini <francis.favorini@DUKE.EDU>
Date: Wed, 25 Apr 2001 13:39:39 -0400

    [ The following text is in the "koi8-r" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

From: Georgi Guninski [mailto:guninski@GUNINSKI.COM]
> I continue to believe all versions of IE 5.x are vulnerable.
> [...]
> 3. If you see a message box "This is VBscript"  then you are
> vulnerable because this message is produced by active scripting which is
disabled in (1).

Not vulnerable:

NT 4.0 SP6a with these hotfixes:
Q243649 Q246045 Q243835(reissued) Q248183 Q249108 Q259622 Q259728 Q264684
Q266433 Q275567 Q280119 Q296441
and IE 5.5 SP1 with these hotfixes:
VM3802 Q279328 Q283908 Q286045 Q280768(WSH 5.5 second version) Q290108
Q293818
and (for completeness) O2K SR1 with these hotfixes:
Q262767 Q268365 Q269252 Q269880 Q274226 Q282132 Q285978(reissued)

-Francis

Prev by Date: Re: Advisory for perl webserver
Next by Date: Re: OpenSSL-0.9.6a has security fixes
Prev by thread: Re: XML scripting in IE, Outlook Express
Next by thread: Re: XML scripting in IE, Outlook Express
Index(es):
- Date
- Thread