RE: Update and comments on the MS02-023 patch, holes still remain

From: Thor Larholm (Thorat_private)
Date: Fri May 17 2002 - 05:36:00 PDT


    In my comments I wrote that the cssText vulnerability appeared to be
    patched. After further testing and research I will have to correct myself,
    as the issue is not patched at all.
    
    To sum it up:
    
    On February 18, GreyMagic discovered a vulnerability in the cssText property
    of imported stylesheets. After Microsoft had researched it for 44 days,
    GreyMagic released their advisory on April 2. According to the MS02-023
    bulletin released by Microsoft on May 15, this vulnerability should now be
    patched. However, using a simple HTTP redirect circumvents this new
    'protection'.
    
    I seem not to be the only one who has discovered this fact. GreyMagic
    Software have updated their advisory on the cssText vulnerability and
    bundled a new example that works "post MS02-023", which can be found at
    
    http://sec.greymagic.com/adv/gm004-ie/
    
    
    Regards
    Thor Larholm
    Jubii A/S - Internet Programmer
    


