[Dshield] MS05-054 IE patch

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Wed Dec 14 18:00:23 GMT 2005


On Wed, 14 Dec 2005 11:35:10 EST, "Johannes B. Ullrich" said:
> Paul Marsh wrote:
> >   Has anyone tested this to see if it does in fact mitigate the exploit?
> 
> I tested it and it did prevent the exploit from working. You will still
> see the corrupted form, but thats about it. I used the PoC from
> computerterrorism to test.

Just remember - this wouldn't be the first time that Microsoft has shipped a
patch that stops the *known exploit* but fails to fix the actual problem,
resulting in another subtly different exploit surfacing a few weeks later....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20051214/b7747350/attachment.bin


More information about the list mailing list