Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS99-043)

From: weez () AVENIR DHS ORG (John Madden)
Date: Thu, 18 Nov 1999 07:32:37 -0500

Patch Available for "Javascript Redirect" Vulnerability
Originally Posted: October 18, 1999
Re-released: November 17, 1999

Summary
=======
On October 18, 1999, Microsoft released the original version of this
bulletin, in order to advise  customers of a workaround for a vulnerability
in Microsoft(r) Internet Explorer. The  vulnerability could allow a
malicious web site operator to read files on the computer of a user  who
visited the site, under certain circumstances. Microsoft has completed a
patch that  completely eliminates the vulnerability, and has re-released
this bulletin in order to advise  customers of its availability.


Egads, a month for a patch?  Who are they kidding?

Note that IE 5.01 is also out, and probably already contains this patch.

Current thread:

Re: local users can panic linux kernel (was: SuSE syslogd advisory), (continued)
- - - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Cy Schubert - ITSD Open Systems Group (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Jefferson Ogata (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Shafik Yaghmour (Nov 23)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Olaf Kirch (Nov 24)
    - Re: local users can panic linux kernel (was: SuSE syslogdadvisory) Goetz Babin-Ebell (Nov 24)
    - more about IP ID antirez () INVECE ORG (Nov 20)
    - FreeBSD sysinstall Jonas Eriksson (Nov 20)
    - Re: local users can panic linux kernel (was: SuSE syslogd advisory) Malcolm Beattie (Nov 22)
    - DNA-1999-001: NetTerm FTP Daemon vulnerabilities Jeremy Iverson (Nov 22)
    - Microsoft Security Bulletin (MS99-043) Aleph One (Nov 17)
    - Re: Microsoft Security Bulletin (MS99-043) John Madden (Nov 18)