Microsoft IE Patch doesn't work ; MS03-032
Spinner
Birmingham, UK
It has been reported that the <a target="_blank" href="http://support.microsoft.com/default.aspx?scid=kb;en-us;822925">MS03-032:<a> August 2003 Cumulative Patch for Internet Explorer, doesn't work.
Microsoft has said a new patch is not yet available, but will be shortly.
Source:
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009639.html
Microsoft has said a new patch is not yet available, but will be shortly.
This is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed basically all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a webpage as silently and as easily as Internet Explorer parses image files or any other "safe" HTML content.
Source:
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009639.html
0
Comments
Spinner, I remind you this is MICROSOFT we're talking about here. The only time their products are newsworthy is when they do work.
Noted.;)