Results 1 to 2 of 2

Thread: New M$ IE cumulative patch MS04-004

  1. #1

    New M$ IE cumulative patch MS04-004

    M$ just issued a new IE cumlative patch that fixes a bunch of nasty vulnerabilities, some of which have been previously discovered and released to public quite a while ago.

    Some highlights of patch:
    • Overall severity deemed _Critical_
    • Basic Authentication feature functionality change!!! Involves parsing of URLs with special characters: this is the "" vulnerability where you only see show up (in this example). M$ is FINALLY removing this _feature_ -kudos to them! This update removes handling of user names and passwords in HTTP and HTTPS
    • Cross-domain security model vulneraiblity resulting in execution of script in Local Machine zone
    • Drag and drop operation during dynamic HTML events allowing a file saved in target location on user's system

    Link to M$ bulletin MS04-004

  2. #2
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    It's about time! Download immediately, folks.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts