RE: MSIE 5.5/6 Q312461 patch disclose patch information

From: SCG - Network Administrator (adminat_private)
Date: Mon Nov 19 2001 - 23:01:40 PST

Next message: Hung Vu: "Re: Where else?"

Previous message: qDefense Penetration Testing: "Hypermail SSI Vulnerability"
In reply to: KOJIMA Hajime: "MSIE 5.5/6 Q312461 patch disclose patch information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>   IE 6:
>     Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)
>   IE 5.5 SP2:
>     Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
>
>   You can find vulnerable IE 5.5/6 very easily...

I can confirm that also with:

	 Windows NT4 SP6a + Q299444i + IE 5.5 SP2 (and 6.0) + Q312461 - all polish
	 Windows 2000 SP2 + IE 6.0 +312461 - all polish

This could be used to do a selective, web-based attack against IE, but can
be also hidden very easily.
You can modify the UserAgent setting via registry or a web-proxy (like
squid).

I wouldn't see it as a big security threat.
Would you?

--
Lukasz 'ptashek' Szmit

Next message: Hung Vu: "Re: Where else?"
Previous message: qDefense Penetration Testing: "Hypermail SSI Vulnerability"
In reply to: KOJIMA Hajime: "MSIE 5.5/6 Q312461 patch disclose patch information"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Nov 20 2001 - 07:01:40 PST