[20456] in bugtraq
Re: XML scripting in IE, Outlook Express
daemon@ATHENA.MIT.EDU (Francis Favorini)
Thu Apr 26 04:04:30 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Message-ID: <E525222439A3D111B5F600609712CBED19761A@broca.biac.duke.edu>
Date: Wed, 25 Apr 2001 13:39:39 -0400
Reply-To: Francis Favorini <francis.favorini@DUKE.EDU>
From: Francis Favorini <francis.favorini@DUKE.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
From: Georgi Guninski [mailto:guninski@GUNINSKI.COM]
> I continue to believe all versions of IE 5.x are vulnerable.
> [...]
> 3. If you see a message box "This is VBscript" then you are
> vulnerable because this message is produced by active scripting which is
disabled in (1).
Not vulnerable:
NT 4.0 SP6a with these hotfixes:
Q243649 Q246045 Q243835(reissued) Q248183 Q249108 Q259622 Q259728 Q264684
Q266433 Q275567 Q280119 Q296441
and IE 5.5 SP1 with these hotfixes:
VM3802 Q279328 Q283908 Q286045 Q280768(WSH 5.5 second version) Q290108
Q293818
and (for completeness) O2K SR1 with these hotfixes:
Q262767 Q268365 Q269252 Q269880 Q274226 Q282132 Q285978(reissued)
-Francis
