BugTraq
RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Sep 08 2003 07:16PM
ADBecker chmortgage com (2 replies)
Re: [Full-Disclosure] RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Sep 09 2003 05:23AM
Nick FitzGerald (nick virus-l demon co uk)
RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Sep 08 2003 09:55PM
Drew Copley (dcopley eeye com) (1 replies)
RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Sep 09 2003 08:17PM
Nathan Wallwork (owen pungent org) (1 replies)
On Mon, 8 Sep 2003, Drew Copley wrote:
> The only sure way to detect this, I already wrote about [to Bugtraq]. That
> is by setting a firewall rule which blocks the dangerous mimetype string
> [Content-Type: application/hta]. Everything else in the exploit can change.

Just so we are clear, the firewall wouldn't tbe he right place to catch
this because that string could be split by packet fragmentation, so you'd
need to look for it at an application level, after the data stream
has been reassembled.

Of course, if anyone thinks it is easier to protect their browser with a
proxy than fix the browser they've got other issues.

[ reply ]
RE: BAD NEWS: Microsoft Security Bulletin MS03-032 Sep 09 2003 08:51PM
Drew Copley (dcopley eeye com) (1 replies)
Re: BAD NEWS: Microsoft Security Bulletin MS03-032 Sep 12 2003 08:59PM
Crist J. Clark (cristjc comcast net)


 

Privacy Statement
Copyright 2010, SecurityFocus