funsec mailing list archives
Re: MS 0day
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Tue, 7 Nov 2006 10:20:20 -0500
On 11/7/06, Roger Thompson <rthompson () explabs com> wrote:
At 09:06 AM 11/7/2006, Dude VanWinkle wrote: >http://secunia.com/advisories/22687/ >http://www.microsoft.com/technet/security/advisory/927892.mspx >Microsoft is investigating public reports of a vulnerability in the >XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 >on Windows. We are aware of limited attacks that are attempting to use >the reported vulnerability. > >Customers who are running Windows Server 2003 and Windows Server 2003 >Service Pack 1 in their default configurations, with the Enhanced >Security Configuration turned on, are not affected. Customers would >need to visit an attacker's Web site to be at risk. We will continue >to investigate these public reports. > >------------------ > >I cant tell if this is related to the ie_createobject vuln or not.. No... they're different.
Do you know of a link to detailed info about this vuln? Does anyone have an example of the exploit circulating? -JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- MS 0day Dude VanWinkle (Nov 07)
- <Possible follow-ups>
- Re: MS 0day Roger Thompson (Nov 07)
- Re: MS 0day Dude VanWinkle (Nov 07)
- Re: MS 0day Juha-Matti Laurio (Nov 07)