Another batch of Windows Updates??? WTF?!?

acemcmac

Does anyone know 'exactly' what the kb828750 IE patch does? The Microsoft whitepapers are really vague and I have had it up to my eyeballs with troubleshooting the fallout of misapplication of these patches in the last few months. Blaster and the 135 vulnerabilities... what are we getting into this time? Any ideas?

knowledge is power...
 

Muse

That's part of the m.o. of mega-corporations. They pander to the laziness in people.
 

lowtech1


Microsoft Security Bulletin MS03-040
Cumulative Patch for Internet Explorer (828750)
Originally posted: October 3, 2003



Technical description:


This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:


A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.

In addition, a change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone. In addition, an attacker could use Windows Media Player's (WMP) ability to open URLs to construct an attack. An attacker could also craft an HTML-based e-mail that could attempt to exploit this behavior...