[12642] in bugtraq
Re: Microsoft Security Bulletin (MS99-043)
daemon@ATHENA.MIT.EDU (John Madden)
Thu Nov 18 12:15:28 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <3833F1E5.5976E3F@avenir.dhs.org>
Date: Thu, 18 Nov 1999 07:32:37 -0500
Reply-To: John Madden <weez@AVENIR.DHS.ORG>
From: John Madden <weez@AVENIR.DHS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
> Patch Available for "Javascript Redirect" Vulnerability
> Originally Posted: October 18, 1999
> Re-released: November 17, 1999
>
> Summary
> =======
> On October 18, 1999, Microsoft released the original version of this
> bulletin, in order to advise customers of a workaround for a vulnerability
> in Microsoft(r) Internet Explorer. The vulnerability could allow a
> malicious web site operator to read files on the computer of a user who
> visited the site, under certain circumstances. Microsoft has completed a
> patch that completely eliminates the vulnerability, and has re-released
> this bulletin in order to advise customers of its availability.
Egads, a month for a patch? Who are they kidding?
Note that IE 5.01 is also out, and probably already contains this patch.
