Another Cumulative Patch for Internet Explorer

[Tom R.]

Title: Cumulative Patch for Internet Explorer Execution (828750)
Date: October 3, 2003
Software:
Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of attacker's choice.
Maximum Severity Rating: Critical
Bulletin: MS03-040

The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-040

What Is It?
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-040 which concerns a vulnerability in Internet Explorer.
Customers are advised to review the information in the bulletin, test and
deploy the patch immediately in their environments, if applicable.

More information is now available at
http://www.microsoft.com/technet/sec...n/MS03-040.asp

The October 2003 Cumulative Patch for Internet Explorer is available via
Windows Update. Please disable your anti-virus application and close all
other running Windows-based processes before going to Windows Update to
download/install this patch.
http://v4.windowsupdate.microsoft.com/en/default.asp

[Robin T Cox]

"Tom R." <tom42344@snotmail.com> wrote in
news:vnte77bmoq1q4d@corp.supernews.com:

> Title: Cumulative Patch for Internet Explorer Execution (828750)
> Date: October 3, 2003
>
I installed this patch today. But even so, with Activex enabled my IE6
still fails the Secunia test:
http://www.secunia.com/MS03-032/

[Roy]

In article <Xns940AA464D2719robin2803@194.168.222.40>, robin2803
@hotmail.com says...

> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/
>

I've always understood that by enabling Activex on a page you were
effectively allowing any code to be run remotely on your PC, so why are
you surprised?

But I'm no expert, so perhaps one of those would care to confirm or deny
that.

Cheers,

Roy

[Jay T. Blocksom]

On Sat, 4 Oct 2003 22:25:33 +0100, in <alt.privacy.spyware>, Roy
<z.5.RoyDent@spamgourmet.com> wrote:
>
[snip]
>
> I've always understood that by enabling Activex on a page you were
> effectively allowing any code to be run remotely on your PC, so why are
> you surprised?
>
[snip]

Well, not exactly "any code"; but you've got the basic concept right.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[Little Johnny]

"Jay T. Blocksom" <usenet01+SPAMBLOCK@appropriate-tech.net> wrote in message
news:shc6ovkfq5qcg5n3h7smbqn7ieobm7gj1l@news.rcn.c om...
> On Sat, 4 Oct 2003 22:25:33 +0100, in <alt.privacy.spyware>, Roy
> <z.5.RoyDent@spamgourmet.com> wrote:
> >
> [snip]
> >
> > I've always understood that by enabling Activex on a page you were
> > effectively allowing any code to be run remotely on your PC, so why are
> > you surprised?
> >
> [snip]
>
> Well, not exactly "any code"; but you've got the basic concept right.
>
usenet01@appropriate-tech.net
>
> Jay T. Blocksom
> --------------------------------
> Appropriate Technology, Inc.
> usenet01[at]appropriate-tech.net
>
>
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety."
> -- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
> NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to
mail.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
> Unsolicited advertising sent to this E-Mail address is expressly
prohibited
> under USC Title 47, Section 227. Violators are subject to charge of up to
> $1,500 per incident or treble actual costs, whichever is greater.
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-

[joebee]

My pc passed with flying colours.
"Robin T Cox" <robin2803@hotmail.com> wrote in message
news:Xns940AA464D2719robin2803@194.168.222.40...
> "Tom R." <tom42344@snotmail.com> wrote in
> news:vnte77bmoq1q4d@corp.supernews.com:
>
> > Title: Cumulative Patch for Internet Explorer Execution (828750)
> > Date: October 3, 2003
> >
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/
>
>
>
>

[|3iff //ullins]

lucat bene, der "joebee" <joebee@home.com.au> goh, a hunnert truxx
inero, sumwit kowz n' sumwit duxx on Sun, 05 Oct 2003 00:04:22 GMT:

>"Robin T Cox" <robin2803@hotmail.com> wrote in message
>news:Xns940AA464D2719robin2803@194.168.222.40.. .
>> "Tom R." <tom42344@snotmail.com> wrote in
>> news:vnte77bmoq1q4d@corp.supernews.com:
>>
>> > Title: Cumulative Patch for Internet Explorer Execution (828750)
>> > Date: October 3, 2003
>> >
>> I installed this patch today. But even so, with Activex enabled my IE6
>> still fails the Secunia test:
>> http://www.secunia.com/MS03-032/
>>
>My pc passed with flying colours.
>

ditto.
(your top-post has been corrected.)

--
as surreal as it gets.
http://www.nasosov.com

[Little Johnny]

Mine passed the test.


"Robin T Cox" <robin2803@hotmail.com> wrote in message
news:Xns940AA464D2719robin2803@194.168.222.40...
> "Tom R." <tom42344@snotmail.com> wrote in
> news:vnte77bmoq1q4d@corp.supernews.com:
>
> > Title: Cumulative Patch for Internet Explorer Execution (828750)
> > Date: October 3, 2003
> >
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/
>
>
>
>

[Lance Hill]

"Robin T Cox" <robin2803@hotmail.com> wrote...
> "Tom R." <tom42344@snotmail.com> wrote:
>
> > Title: Cumulative Patch for Internet Explorer Execution (828750)
> > Date: October 3, 2003
> >
> I installed this patch today. But even so, with Activex enabled my IE6
> still fails the Secunia test:
> http://www.secunia.com/MS03-032/

The test presented the File Download dialog box with Open, Save and Cancel
buttons.

Since this was a test, I opened it and the resulting page said the dialog
box indicated I was patched with MS03-040 and was not vulnerable.

Lance
*****

[Roy]

In article <blo12h$egird$1@ID-26139.news.uni-berlin.de>,
lltbhill@earthlink.net says...

> The test presented the File Download dialog box with Open, Save and Cancel
> buttons.
>
> Since this was a test, I opened it and the resulting page said the dialog
> box indicated I was patched with MS03-040 and was not vulnerable.
>

And you enabled Activex for this?

Very brave....

Cheers,

Roy