Bugtraq mailing list archives

RE: Update and comments on the MS02-023 patch, holes still remain

From: Thor Larholm <Thor () jubii dk>
Date: Fri, 17 May 2002 14:36:00 +0200

In my comments I wrote that the cssText vulnerability appeared to be
patched. After further testing and research I will have to correct myself,
as the issue is not patched at all.

To sum it up:

On February 18, GreyMagic discovered a vulnerability in the cssText property
of imported stylesheets. After Microsoft had researched it for 44 days
GreyMagic released their advisory on April 2. According to the MS02-023
bulletin released by Microsoft on May 15, this vulnerability should now be
patched. However, using a simple HTTP redirect circumvents this new
'protection'.

I seem not to be the only one who has discovered this fact. GreyMagic
Software have updated their advisory on the cssText vulnerability and
bundled a new example that works "post MS02-023", which can be found at

http://sec.greymagic.com/adv/gm004-ie/


Regards
Thor Larholm
Jubii A/S - Internet Programmer

Current thread:

Update and comments on the MS02-023 patch, holes still remain Thor Larholm (May 16)
- Re: Update and comments on the MS02-023 patch, holes still remain Andrew Clover (May 17)
- <Possible follow-ups>
- RE: Update and comments on the MS02-023 patch, holes still remain Thor Larholm (May 17)