[8609] in bugtraq

home help back first fref pref prev next nref lref last post

The Son of Cuartango Hole

daemon@ATHENA.MIT.EDU (condor@SEKURE.ORG)
Fri Nov 20 13:18:58 1998

Date: 	Thu, 19 Nov 1998 13:51:49 -0200
Reply-To: condor@SEKURE.ORG
From: condor@SEKURE.ORG
To: BUGTRAQ@NETSPACE.ORG

---------- Forwarded message ----------
Date: Wed, 18 Nov 1998 17:08:40 +0100
From: Juan Carlos Garcia Cuartango <cuartangojc@MX3.REDESTB.ES>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: The Son of Cuartango Hole

Gentlemen,
I have discovered a new Internet Explorer 4 vulnerability, I have called It "The Son of Cuartango Hole".
It is in fact a variant of the Cuartango Hole issue (Microsoft called It the Untrusted Scripted Paste, USP vulnerability) .
I reported this new hole to Microsoft one week ago and they have released an "updated security bulletin" http://www.microsoft.com/security/bulletins/ms98-015.asp and an "updated USP patch
Risks involved are exactly the same that in the Cuartango Hole.
Your computer files can be stolen when you visit a malicious WEB page or if you receive an e-mail with the malicious script.
Technical details are available in my site :
http://pages.whowhere.com/computers/cuartangojc/
Regards,
Juan Carlos G. Cuartango


-condor
www.sekure.org
 s e k u r e

pgp key available at: http://condor.sekure.org/condor.asc

home help back first fref pref prev next nref lref last post