[Am-info] IE Patch Opens up a Hole
Fred A. Miller
fm@cupserv.org
Wed, 9 Jan 2002 15:26:58 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
IE Patch Opens up a Hole
Security bug hunter Georgi Guninski has discovered yet another Internet
Explorer (IE) hole, this one apparently the result of an earlier IE
patch for versions 5.5 and 6.0. The hole in the GetObject JScript
function could allow attackers to execute programs on the affected
computer. Guninski recommends disabling active scripting or simply
not using IE.
http://cgi.zdnet.com/slink?167047
[Editor's (Murray) Note: Given that there is a limited amount of change
that we can tolerate and given that patches are never applied to all
systems and rarely even to most, Microsoft should fix things in the
order of their importance rather than in the order of their discovery.
(Guninski gets publicity only when MS fails to fix something on
his schedule.)]
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8PKeSIhTtc6nTZIIRAhORAJ9X7vabD8Wlydvs50q+BIUEslqrHQCfWETs
iVufACW6+BMQGLNjdWWQXwA=
=S7w0
-----END PGP SIGNATURE-----