|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Official IFRAME patch - make sure it installs correctly
From: Raoul Nakhmanson-Kulish (raoul
elforsoft.com)
Date: Thu Dec 02 2004 - 10:57:39 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello, Berend-Jan Wever!
> The IFRAME vulnerability has been patched, see
> http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Oh! Thanks, God!
Good that nobody has hit upon an idea until now about exploiting this to
launch self-spreading mail virus without user interaction by putting
iframe into HTML message body: this hole is exploitable even in
restricted zone and millions of OE and Outlook lemmings would be doomed.
Such thought visited me nearly right away when I had known this issue.
--
Best regards,
Raoul Nakhmanson-Kulish
Elfor Soft Ltd.,
ERP Department
http://www.elforsoft.ru/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]