-
February 2nd, 2004, 10:13 PM
#1
New M$ IE cumulative patch MS04-004
M$ just issued a new IE cumlative patch that fixes a bunch of nasty vulnerabilities, some of which have been previously discovered and released to public quite a while ago.
Some highlights of patch:- Overall severity deemed _Critical_
- Basic Authentication feature functionality change!!! Involves parsing of URLs with special characters: this is the "www.paypal.com@hacker-web-site.com" vulnerability where you only see www.paypal.com show up (in this example). M$ is FINALLY removing this _feature_ -kudos to them! This update removes handling of user names and passwords in HTTP and HTTPS
- Cross-domain security model vulneraiblity resulting in execution of script in Local Machine zone
- Drag and drop operation during dynamic HTML events allowing a file saved in target location on user's system
Link to M$ bulletin MS04-004 http://www.microsoft.com/technet/sec...n/MS04-004.asp
-
February 2nd, 2004, 10:17 PM
#2
It's about time! Download immediately, folks.
Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|