[4697] in WWW Security List Archive
Re: Big IE hole
daemon@ATHENA.MIT.EDU (Jesse Whyte)
Thu Mar 6 15:58:19 1997
Date: Thu, 06 Mar 1997 13:21:52 -0500
From: Jesse Whyte <jesse@eac.com>
Reply-To: jesse@eac.com
To: jay@homecom.com
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
For what it's worth, I don't think that the risk could possibly be that
great. The fix shouldn't affect anything except how the browser handles
the two types of files, and while you may see performance problems if
someone was designed a page to exploit the problem (hopefully not
maliciousely) I would think that the risk of NOT getting the patch would
be too high, especially with the extrodinary amounts of press and
attention this bug has received.
Jesse
Jay Heiser wrote:
>
> I submit that the risk of using some hastily patched up executable
> is greater than the risk of actually encountering hostile code.
>
> I plan on updating, but I'm going to wait a week or two.
>
> >Marcus Fredriksson wrote:
> >
> > The update is now available for english versions of IE 3.01 on the
> > following address:
> > >
> > > http://www.microsoft.com/ie/security/ie301afix.htm
> > >
> > >I downloaded and tested and all seem OK.
> > >
> > >Marcus
> > ------------------------- Innovative Media AB ------------------------
> > Marcus Fredriksson Phone: +46-31-7724244
> > marcusf@innovative.se Mobile: +46-707-401135
> > http://www.innovative.se/ Fax: +46-31-7009510
> > ------------ Sven Hultins Gata 9c, S-412 88 Goteborg, SWEDEN -----------
>
> --
> Jay Heiser, 703-610-6846, jay@homecom.com
> Homecom Internet Security Services
> http://www.homecom.com/services/hiss
> For company & industry news...subscribe to newsletter@homecom.com
--
***********************************************************************
Jesse Whyte EAC Network Integrators
Security Analyst Trumbull, CT
jesse@eac.com http://www.eac.com
(203) 371-2441
