Microsoft Security Bulletin MS03-040 Cumulative Patch for Internet Explorer (828750)

Kenrick Fu

Title: Cumulative Patch for Internet Explorer Execution (828750)
Date: October 3, 2003
Software:
Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of attacker's choice.
Maximum Severity Rating: Critical
Bulletin: MS03-040

The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-040

What Is It?
The Microsoft Security Response Center has released Microsoft Security
Bulletin MS03-040 which concerns a vulnerability in Internet Explorer.
Customers are advised to review the information in the bulletin, test and
deploy the patch immediately in their environments, if applicable.

More information is now available at
http://www.microsoft.com/technet/security/bulletin/MS03-040.asp
 
davetest

Related to this news story perhaps?
http://zdnet.com.com/2100-1105_2-5085861.html
Dave
 
davetest

Thanks, Kenrick!
I'm downloading it as I type.
One interesting thing - the WMP patch doesn't mention
WMP 8.x at all.
Either that's a (not so) subtle hint that M$ wants everybody
to migrate to WMP 9, or the patch is N/A to WMP 8.

My guess is the former.
Dave
 
davetest

> QHosts is a Trojan. The IE CumPatch is related to this:
> http://www.nsclean.com/exploit.htm
Thanks for the update.
Microsoft should be ashamed of themselves.
It would be a kindness to think that security was somewhat of an
after thought in the design of IE; but I think it's worse than that.
I don't think they considered it at all.


Dave
 
rory

'Still, few reports of the Trojan horse have emerged, according to Vincent
Weafer, the senior director of the incident response team at security
company Symantec.

"We have less than a handful of people reporting the issue," he said. '

Because everyone is reporting it HERE, instead!
 
rory

I meant "here" in a general sense.
By the way, I have yet to figure out "ROFL," though I can easily guess the
"F." All the other acronyms are obvious, but...?
 
Jim Macklin

Rolling on the floor, laughing out loud to finish the
saying.

| I meant "here" in a general sense.
| By the way, I have yet to figure out "ROFL," though I can easily guess the
| "F." All the other acronyms are obvious, but...?
|
| > <ROFL> Visit the IE newsgroups, Rory! Gees...
| > --
| > ~PA Bear
| >
| > rory wrote:
| > >> 'Still, few reports of the Trojan horse have emerged, according to
| > >> Vincent Weafer, the senior director of the incident response team at
| > >> security company Symantec.
| > >>
| > >> "We have less than a handful of people reporting the issue," he said. '
| > >>
| > >> Because everyone is reporting it HERE, instead!
| > >>>>> <snip>
| > >>>>> related to this news story perhaps?
| > >>>>> http://zdnet.com.com/2100-1105_2-5085861.html
| > >>>
| > >>> QHosts is a Trojan. The IE CumPatch is related to this:
| > >>> http://www.nsclean.com/exploit.htm
| > >>> --
| > >>> HTH...Please post back to this thread
| > >>>
| > >>> ~Robear Dyer (aka PA Bear)
| > >>> MS MVP-Windows (IE/OE)
| > >>> http://mvp.support.microsoft.com
| > >>> AH-VSOP
| > >>> http://forum.aumha.org/
 
Jim Macklin

FUBAR and SNAFU describe MS issuance of patches ROFL.

During WWII pilots could not cuss on the radio, but they
learned to use the F word anyway. Up beyond all recognition
and situation normal all up.

Fubar was not in the spell-check dictionary but SNAFU was.


| Thanks. Not as bad as I thought...
 
Max Burke

PA Bear scribbled:
> QHosts is a Trojan. The IE CumPatch is related to this:
> http://www.nsclean.com/exploit.htm

I have applied the patch, although due to the 'wording' on the tech
bulletin page it's hard to figure out exactly what MS03-040 is fixing.

Anyway going to the above site firstly with the patch applied and
activeX components set to prompt in IE6's internet zone I get a prompt
about running activeX and claims on that page that 3 copies of calc.exe
will be/have been started. They weren't.....

Then I tried it with the activeX components set to 'allow' (patch still
applied), this time there was just the pop up about three copies of
calc.exe being started again, but again they didn't start at all....

The above site looks a lot like one of these 'scare tactic' websites
that say look what can happen/look what we can do, you had better buy
our products now to stop it happening..... (IMO of course)

However this website does test correctly:
http://www.secunia.com/MS03-032/

Does MS03-040 fix this vulnerability?
<quote>
Description:
eEye Digital Security has discovered a security vulnerability in
Microsoft's Internet Explorer that would allow executable code to run
automatically upon rendering malicious HTML.
This is a flaw in Microsoft's primary contribution to HTML, the Object
tag, which is used to embed basically all ActiveX into HTML pages. The
parameter that specifies the remote location of data for objects is not
checked to validate the nature of the file being loaded, and therefore
trojan executables may be run from within a webpage as silently and as
easily as Internet Explorer parses image files or any other "safe" HTML
content.
This attack may be utilized wherever IE parses HTML, including websites,
email, newsgroups, and within applications utilizing web-browsing
functionality.
http://www.eeye.com/html/Research/Advisories/AD20030820.html
<end quote>
 
