[20015] in bugtraq
Re: User may be fooled to execute programs browsing with IE5.1
daemon@ATHENA.MIT.EDU (Gary Flynn)
Wed Apr 4 05:22:23 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <3ACA41AE.B457FF21@jmu.edu>
Date: Tue, 3 Apr 2001 17:33:34 -0400
Reply-To: Gary Flynn <flynngn@JMU.EDU>
From: Gary Flynn <flynngn@JMU.EDU>
X-To: Microsoft Security Response Center <secure@MICROSOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Microsoft Security Response Center wrote:
>
> The dialogue
> is displayed if you try to install the patch on anything other than
> IE 5.01 Service Pack 1 or IE 5.5 Service Pack 1, and the text of the
> dialogue is incorrect. This error has been present in several recent
> IE patches, and we're working to ensure that it's not present in
> future ones.
Perhaps the situation could be helped if the security bulletin
specified what *specific* versions the patches applied to. As
far as I can tell from the Internet Explorer version decode
page at:
http://support.microsoft.com/support/kb/articles/Q164/5/39.ASP
the only versions supported by the patch are:
5.00.3103.1000
5.00.3105.0106
5.50.4522.1800
I tried to incorporate this information in my instructions at:
http://www.jmu.edu/computing/info-security/engineering/issues/iemime.shtml
By the way. Any word on a release date for IE5.5sp2? It would
sure make upgrading 13,000 computers here easier :)
thanks,
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/runsafe.shtml
