[23198] in bugtraq
RE: MSIE 5.5/6 Q312461 patch disclose patch information
daemon@ATHENA.MIT.EDU (SCG - Network Administrator)
Tue Nov 20 10:00:30 2001
Reply-To: <admin@scg.gliwice.pl>
From: "SCG - Network Administrator" <admin@scg.gliwice.pl>
To: <bugtraq@securityfocus.com>
Date: Tue, 20 Nov 2001 08:01:40 +0100
Message-ID: <DAECKKCPCBMDPJHHMGFBMEOOCBAA.admin@scg.gliwice.pl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <14484.1006138635@ideon.st.ryukoku.ac.jp>
> IE 6:
> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)
> IE 5.5 SP2:
> Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
>
> You can find vulnerable IE 5.5/6 very easily...
I can confirm that also with:
Windows NT4 SP6a + Q299444i + IE 5.5 SP2 (and 6.0) + Q312461 - all polish
Windows 2000 SP2 + IE 6.0 +312461 - all polish
This could be used to do a selective, web-based attack against IE, but can
be also hidden very easily.
You can modify the UserAgent setting via registry or a web-proxy (like
squid).
I wouldn't see it as a big security threat.
Would you?
--
Lukasz 'ptashek' Szmit
