Microsoft IE Patch doesn't work ; MS03-032

SpinnerSpinner Birmingham, UK
edited September 2003 in Science & Tech
It has been reported that the <a target="_blank" href="http://support.microsoft.com/default.aspx?scid=kb;en-us;822925">MS03-032:<a&gt; August 2003 Cumulative Patch for Internet Explorer, doesn't work.

Microsoft has said a new patch is not yet available, but will be shortly.
This is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed basically all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a webpage as silently and as easily as Internet Explorer parses image files or any other "safe" HTML content.

Source:
http://lists.netsys.com/pipermail/full-disclosure/2003-September/009639.html

Comments

  • qparadoxqparadox Vancouver, BC
    edited September 2003
    *sigh* no further comment.
  • Geeky1Geeky1 University of the Pacific (Stockton, CA, USA)
    edited September 2003
    I'm sorry... this is news why?

    Spinner, I remind you this is MICROSOFT we're talking about here. The only time their products are newsworthy is when they do work. :rolleyes:;D
  • SpinnerSpinner Birmingham, UK
    edited September 2003
    Geeky1 said
    I'm sorry... this is news why?

    Spinner, I remind you this is MICROSOFT we're talking about here. The only time their products are newsworthy is when they do work. :rolleyes:;D

    Noted.;)
Sign In or Register to comment.