Re: XML scripting in IE, Outlook Express

From: Francis Favorini (francis.favoriniat_private)
Date: Wed Apr 25 2001 - 10:39:39 PDT

Next message: Farley, Tim (ISSAtlanta): "Re: XML scripting in IE, Outlook Express"

Previous message: Ariel Waissbein: "Re: OpenSSL-0.9.6a has security fixes"
Maybe in reply to: Georgi Guninski: "XML scripting in IE, Outlook Express"
Next in thread: Farley, Tim (ISSAtlanta): "Re: XML scripting in IE, Outlook Express"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Georgi Guninski [mailto:guninskiat_private]
> I continue to believe all versions of IE 5.x are vulnerable.
> [...]
> 3. If you see a message box "This is VBscript"  then you are
> vulnerable because this message is produced by active scripting which is
disabled in (1).

Not vulnerable:

NT 4.0 SP6a with these hotfixes:
Q243649 Q246045 Q243835(reissued) Q248183 Q249108 Q259622 Q259728 Q264684
Q266433 Q275567 Q280119 Q296441
and IE 5.5 SP1 with these hotfixes:
VM3802 Q279328 Q283908 Q286045 Q280768(WSH 5.5 second version) Q290108
Q293818
and (for completeness) O2K SR1 with these hotfixes:
Q262767 Q268365 Q269252 Q269880 Q274226 Q282132 Q285978(reissued)

-Francis

Next message: Farley, Tim (ISSAtlanta): "Re: XML scripting in IE, Outlook Express"
Previous message: Ariel Waissbein: "Re: OpenSSL-0.9.6a has security fixes"
Maybe in reply to: Georgi Guninski: "XML scripting in IE, Outlook Express"
Next in thread: Farley, Tim (ISSAtlanta): "Re: XML scripting in IE, Outlook Express"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 01:03:00 PDT