Full Disclosure mailing list archives
Re: BAD NEWS: Microsoft Security Bulletin MS03-032
From: Fabio Gomes de Souza <bugtraq () gs2 com br>
Date: Mon, 08 Sep 2003 18:00:07 -0300
Guys, If Microsoft fixed IE holes, they would destroy the Adware/Spyware industry.If Microsoft removed the Virus Support (TM) from their products, they would crash the entire antivirus industry (and this one is not small).
If Microsoft did a decent hotfix management solution, they would destroy the newly-created hotfix management industry.
If Microsoft managed the open ports of a Windows computer in a decent manner, Symantec, their friend who sells firewalls, would earn less money.
This list is endless. Too many cats to put in a bag.Also endless is this issue. Market is the answer. When the market finally realize that AT LEAST the OS must be Open Source, these problems will disappear.
http-equiv () excite com escreveu:
Since the cat somehow got out of the bag, and more importantly, this is so blatantly obvious, herewith is the "Bad News":The patch for Drew's object data=funky.hta doesn't work: http://www.malware.com/badnews.html <script> var oPopup = window.createPopup(); function showPopup() { oPopup.document.body.innerHTML = "<object data=ouch.php>"; oPopup.show(0,0,1,1,document.body); }showPopup()</script> Notes: 1. Disable Active Scripting 2. In case that does not work, uninstall Internet Explorer 3. http://www.eeye.com/html/Research/Advisories/AD20030820.html 4. This was sent to the manufacturer quite some time prior to this going out. Surprisingly no immediate acknowledgement 5. This is so blatantly obvious, in particular because it is the coupling of two known issues[one current + one from 2002]: http://www.securityfocus.com/bid/3867/It is beyond comprehension why this was not checked from the outset as it is a known issue plus file://::{CLSID}in the control panel in the object tag still functions to date. 6. At this stage one must really question the compentency of this particular operation. This is a pathetic oversight.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- BAD NEWS: Microsoft Security Bulletin MS03-032 http-equiv () excite com (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 morning_wood (Sep 08)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 http-equiv () excite com (Sep 08)
- Re: BAD NEWS: Microsoft Security Bulletin MS03-032 Fabio Gomes de Souza (Sep 08)
- <Possible follow-ups>
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nick Jacobsen (Sep 07)
- FW: BAD NEWS: Microsoft Security Bulletin MS03-032 Richard M. Smith (Sep 07)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 GreyMagic Software (Sep 08)
- Re: [VulnWatch] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Thomas Kristensen (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 ADBecker (Sep 08)
- Re: RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nick FitzGerald (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Thor Larholm (Sep 08)
- RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Nathan Wallwork (Sep 09)
- (Patch Updated) Microsoft Security Bulletin MS03-032 Jim (Sep 09)
(Thread continues...)