[29312] in bugtraq
Unknown trust error when downloading ocget.dll
daemon@ATHENA.MIT.EDU (Ken Fischer)
Fri Mar 14 18:17:36 2003
Date: Fri, 14 Mar 2003 17:45:42 -0500 (EST)
From: Ken Fischer <kenf@users.junebug.org>
Reply-To: kenf@users.junebug.org
To: bugtraq@securityfocus.com
Message-ID: <Pine.GSO.4.10.10303141712230.26674-100000@users.junebug.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Greetings,
We have run into a problem this afternoon with the copy of
ocget.dll that is located at:
http://codecs.microsoft.com/objects/ocget.dll
It seems that it is either signed improperly, or not at all.
This .dll is loaded automatically by IE when .cab files are
downloaded from the server. Usually it is transparent, if
the signature is ok. Since that is no longer the case, our
users are getting an access denied message due to the security
settings on their browser.
Since ocget.dll is not really a required download, according to Microsoft
( http://support.microsoft.com/default.aspx?scid=kb%3ben-us%3b323207 )
the pages still display correctly.
The users are still blaming our programmers for the problem, of course :)
Not to mention the possible security implications here.
Is anyone else seeing this behavior?
( Verified on: Win2K/IE5.5-SP2, Win2K/IE6.0-SP1 and WinXP/IE6.0 )
Thanks.
--
Ken Fischer, CCNA <kenf@junebug.org>
PGP Fingerprint: 9523 54B6 D67B BBFB 53B3 2F3B 7E81 0891 C495 CB50
--
