Security Incidents mailing list archives
Re: Admin.dll (strings ./Admin.dll)
From: Gary Flynn <flynngn () jmu edu>
Date: Tue, 18 Sep 2001 18:36:07 -0400
"Robert D." wrote:
I'm I correct assuming this is the same problem discussed in MS00-043?
I think its MS01-033. http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp That is probably for the better though. As I understand it, the MS00-043 defect would trigger as soon as Outlook was started and it read the mail headers. :(
In that case the following configurations are safe: IE 5.01 SP1 or later IE 5.5 or later ( except Windows 2000, sp1 safe?? )
If its MS01-033, they're not :) Worse, only 5.01sp1 and 5.5sp1 have patches available for them. That means the Windows Update Site doesn't help. I just went there with 5.50.4134.0600IS and it didn't tell me I needed the patch. You haven't lived until you've tried to talk a Windows 95 user with IE3 through the update process. :( http://www.jmu.edu/computing/info-security/engineering/issues/iemime.shtml -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Admin.dll (strings ./Admin.dll) w1re p4ir (Sep 18)
- Re: Admin.dll (strings ./Admin.dll) Robert D. (Sep 18)
- Re: Admin.dll (strings ./Admin.dll) TJ Jablonowski (Sep 18)
- Re: Admin.dll (strings ./Admin.dll) Gary Flynn (Sep 18)
- Re: Admin.dll (strings ./Admin.dll) Gary Flynn (Sep 18)
- <Possible follow-ups>
- Re: RE: Admin.dll (strings ./Admin.dll) Steve Hoult (Sep 18)
- Re: Admin.dll (strings ./Admin.dll) Robert D. (Sep 18)