OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Georgi Guninski (guninskiGUNINSKI.COM)
Date: Thu Jun 13 2002 - 09:20:02 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Microsoft Security Bulletin MS02-022 at
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-022.asp
    is fun to read - especially this one from the above bulletin:
    -----
    But, I've heard that it's possible for an attacker to force this control to
    download without my knowing it, is that true?

    Not exactly
    -----
    lol
    Seems similar to:
    Digitally signing buggy ActiveX components (version 2.0) at
    http://www.guninski.com/signedactivex2.html
    and is still not fixed IMHO.

    Can someone confirm or deny the proof of concept at the above url still works?

    Have nice windoze patching,
    Georgi Guninski
    http://www.guninski.com