[Dshield] Proxy attackers/hijackers

Thor Larholm lists.netsys.com at jscript.dk
Sat Oct 18 05:06:53 GMT 2003


> From: "Thomas Willner" <thomaswillner at elitetraderz.com>
> It has been reported that the official Microsoft patch for this
> vulnerability is not 100% effective in blocking exploitation. At this
> time, there is no fully working solution except disabling ActiveX
> controls and also disabling Active Scripting in IE.

Your reports are almost a month old by now.

> Some links that may be of use in determining your exposure to this
> vulnerability:
>
> Technical Bulletin:
> http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

It may be true that MS03-032 did not fully patch the Object Data vulnerability,
but a revised version has been released for several weeks now. It is called
MS03-040, was released October 3 and it does indeed patch this vulnerability
completely.

http://www.microsoft.com/technet/security/bulletin/ms03-040.asp


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://pivx.com/larholm/ - Get our research, join our mailinglist




More information about the list mailing list