G
Guest
Currently we have system that are being compromised with the
MHTMLRedir.Exploit (Symantec) which is supposedly patched with MS04-013.
However the MS04-013 article clearly states that this article is to be read
by customers with Microsoft Outlook Express installed. None of our systems
run or are installed with Outlook Express, and so the patch was never
applied, but yet the compromise is still possible. It seems that this is
just a problem of wording and language within the article that needs to be
revised. Unfortunately it is too late for us, but hopefully others will
apply this patch to systems not running OE.
this example will actually try to compromise your system so beware (you need
to have the patch installed and an updated AV engine running on your
workstation to be spared):
1. Go to www.fun-photo.com
2. Click on "Most Viewed"
3. welcome to my hell
MHTMLRedir.Exploit (Symantec) which is supposedly patched with MS04-013.
However the MS04-013 article clearly states that this article is to be read
by customers with Microsoft Outlook Express installed. None of our systems
run or are installed with Outlook Express, and so the patch was never
applied, but yet the compromise is still possible. It seems that this is
just a problem of wording and language within the article that needs to be
revised. Unfortunately it is too late for us, but hopefully others will
apply this patch to systems not running OE.
this example will actually try to compromise your system so beware (you need
to have the patch installed and an updated AV engine running on your
workstation to be spared):
1. Go to www.fun-photo.com
2. Click on "Most Viewed"
3. welcome to my hell