MS Bulletin MS03-014 - Cumulative Patch for Outlook Express
A vulnerability exists in the MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer. As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer and have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones...continued
MS Bulletin MS03-015 Cumulative Patch for Internet Explorer
In addition to eliminating the a number of recent vulnerabilities, this patch also includes a fix for Internet Explorer 6.0 SP1 that corrects the method by which Internet Explorer displays help information in the local computer zone. While we are not aware of a method to exploit this vulnerability by itself, if it were possible to exploit it, it could allow an attacker to read local files on a visiting user?s system. This patch also sets the Kill Bit on the Plugin.ocx ActiveX control which has a security vulnerability. This killbit has been set in order to ensure that the vulnerable control cannot be reintroduced onto users? systems and to ensure that users who already have the vulnerable control on their system are protected. This issue is discussed further in Microsoft Knowledge Base Article 813489...continued...
Cumulative Patch for Outlook Express and IE
No replies to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users