|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: New IE6 security hole
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa
pacbell.net)
Date: Fri Jun 10 2005 - 09:01:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
And when I forwarded your email to Securemicrosoft.com [which is what
YOU should have done rather than posting it all over the place] this is
what they posted back to me:
- Microsoft is aware of a public report of a vulnerability affecting
Internet Explorer. The report indicates that Internet Explorer's
default behavior could allow a web page to not display script code when
a user attempts to view the source of the page.
- Our investigation reveals that the behavior described in the public
report is not a vulnerability in the browser. Instead, this is a well
known capability of dynamic html (DHTML) and is a standard feature of
most browsers including Internet Explorer.
- Microsoft is concerned that some security researchers may not know the
appropriate email alias to report security vulnerabilities to the
Microsoft Security Response Center. Securemicrosoft.com is the public
email alias for reporting security vulnerabilities to Microsoft.
- We continue to encourage all security researchers to work with
Microsoft on a confidential basis so that we can work together in
partnership to help protect Microsoft's customers and not put them at
unnecessary risk.
- We continue to encourage customers follow our Protect Your PC guidance
of enabling a firewall, getting software updates, and installing
antivirus software. Customers can learn more about these steps at
www.microsoft.com/protect.
-------------------------------------------
In your contact database... put in securemicrosoft.com and next
time...use that instead.
Development SeniorenNet wrote:
> Hi,
>
>
>
> I discovered a NEW security hole / exploit in IE6 with SP2 and all the
> latest security patches.
>
>
>
> Overview of the exploit:
>
> a.. Bug for all Microsoft Internet Explorer users
> b.. Can be abused by hackers to run harmful JavaScript code and can
> be abused to mislead existing protection against harmful JavaScript
> code, like software from Norton, McAfee,.
> c.. Can be abused to mislead the search engines Google, MSN, Yahoo,
> AltaVista,.
> d.. Unpleasant for JavaScript programmers
>
>
> I searched the net about the bug but found nothing, so I really think
> it is a NEW bug.
>
>
>
> All the information about the new bug (info, exploit,.) , see the page
> http://research.seniorennet.be/Techresearch/Javascript_security_flaw_bug_ie_6/security_flaw_bug_javascript_ie_6_internet_explorer.php
>
>
>
>
>
>
> Best regards,
>
> Pascal Vyncke
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]