[SlashRaid]

Microsoft TechNet released a security patch MS02-005 for Internet Explorer on Feb. 11, 2002. The patch addresses:

-A buffer overrun vulnerability associated with an HTML directive that is used to incorporate a document within a web page.
-A vulnerability associated with the GetObject scripting function.
-A vulnerability related to the display of file names in the File Download dialogue box.
-A vulnerability that could allow a web page to open a file on the web site, using any application installed on a user's system.
-A vulnerability that could enable a web page to run a script even if the user has disabled scripting.
-A newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-058.

Download Patch Here

(Edited by SlashRaid at 12:23 pm on Feb. 12, 2002)

[SlashRaid]

*bump*

[The Neoracle]

Quote

-A vulnerability that could allow a web page to open a file on the web site, using any application installed on a user's system.

Wasn't someone asking how to do this a couple months back? LOL

[SlashRaid]

Probably, it takes M$ a few weeks to issue these important patches.

[Quik]

-A vulnerability that could allow a web page to open a file on the web site, using any application installed on a user's system.

Naw, they asked if its possible to open a file on a their PC using a link etc on website

[The Neoracle]

Isn't that the same thing or am I reading this wrong?

[Quik]

your reading wrong
it says

web page to open a file on the web site,

open a file on the WEBSITE.. no on their pc

[The Neoracle]

Ah I see, so the programs on their comp, but the file is on the server.  yeah, that could be bad.

[SlashRaid]

Update: CERT Advisory CA-2002-04 Buffer Overflow in Microsoft Internet Explorer

Included in the CERT Advisory posted Feb. 25, 2002 is a revision history.