Fwd: Patching patches
Giovanni Coppa
giannicoppa@yahoo.it
Gio 13 Giu 2002 22:06:42 CEST
> From Georgi Guninski Thu Jun 13 07:01:41 2002
> Data: Thu, 13 Jun 2002 17:01:41 +0300
> Da: Georgi Guninski <guninski@guninski.com>
> A: security@guninski.com
> Oggetto: Patching patches
>
> Microsoft Security Bulletin MS02-022 at
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-022.asp
> is fun to read - especially this one from the above
> bulletin:
> -----
> But, I've heard that it's possible for an attacker
> to force this control to
> download without my knowing it, is that true?
>
> Not exactly
> -----
> lol
> Seems similar to:
> Digitally signing buggy ActiveX components (version
> 2.0) at
> http://www.guninski.com/signedactivex2.html
> (which the bugtraq moderator did not pass to the
> bugtraq list ;)
> and is still not fixed IMHO.
>
> Can someone confirm or deny the proof of concept at
> the above url still works?
>
> Have nice windoze patching,
> Georgi Guninski
> http://www.guninski.com
>
>
>
>
>
>
>
> ----------------------
> You may visit Guninski Security Mailing List page at
> http://www.guninski.com/mailinglist.html
> ----------------------
______________________________________________________________________
Corri in negozio! Ti aspetta il CD originale Levi's Freedom to Move.
Per saperne di pił: http://it.yahoo.com/mail_it/foot/?http://it.promotions.yahoo.com/levis
Maggiori informazioni sulla lista
lugischia