• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Known Local File Script Execution Vulnerability

Solution:
There have been reports that the Microsoft patch does not fully resolve this issue.

Microsoft has released cumulative patches to address this issue. It should be noted, however, that the cumulative patch does not address the issue described in Microsoft Security Bulletin MS02-009 (ie: BugTraq ID 4158 "Microsoft VBScript Same Origin Policy Violation Vulnerability").


Microsoft Internet Explorer 5.5 SP2

• Microsoft Q319182 IE5.5 SP2
  http://download.microsoft.com/download/ie55sp2/secpac26/5.5_sp2/WIN98M e/EN-US/q319182.exe

Microsoft Internet Explorer 5.5 SP1

• Microsoft Q319182 IE5.5 SP1
  http://download.microsoft.com/download/ie55sp1/secpac26/5.5_sp1/WIN98M e/EN-US/q319182.exe

Microsoft Internet Explorer 6.0

• Microsoft Q319182 IE6
  http://download.microsoft.com/download/IE60/secpac26/6/W98NT42KMeXP/EN -US/q319182.exe

Microsoft Internet Explorer 5.0.1 SP2

• Microsoft Q319182 IE5.01 SP2
  http://download.microsoft.com/download/ie501sp2/secpac26/5.01_sp2/W982 KNT4/EN-US/q319182.exe