PDA

View Full Version : Critical IE patch



03-04-2002, 03:06 PM
Internet Explorer patch: March 28

This is a cumulative patch that includes the functionality of all
previously released patches for IE 5.01, 5.5 and IE 6. In addition, it eliminates the following two newly discovered vulnerabilities:

- A vulnerability in the zone determination function that could allow a script embedded in a cookie to be run in the Local Computer zone. While HTML scripts can be stored in cookies, they should be handled in the same zone as the hosting site associated with them, in most cases the Internet zone. An attacker could place script in a cookie that would be saved
to the user's hard disk. When the cookie was opened by the
site the script would then run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have.

- A vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on the user's machine. A malicious user could create HTML web page that includes this object tag and cause a local program to run on the victim's machine.

Affected Software:

Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0

Maximum Severity Rating: Critical

Download for patch:

http://www.microsoft.com/windows/ie...182/default.asp

http://www.microsoft.com/technet/tr...in/ms02-015.asp

03-04-2002, 04:04 PM
For those with Windows XP you'll find these patchs automatically available to download if you have the auto updater activated.

A very handy XP tool =)

03-04-2002, 04:06 PM
Full address here:
http://www.microsoft.com/technet/security/bulletin/MS02-015.asp

03-04-2002, 04:31 PM
Ooops, sorry about the bad links. I'll try again:

http://www.microsoft.com/windows/ie/downloads/critical/Q319182/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-015.asp