Kandu.dk - Sikkerhedsproblem i MSIE for OS X


/ Forside / Teknologi / Hardware / Mac / Nyhedsindlæg

Glemt dit kodeord?

Brugernavn*

Kodeord *

Husk mig

Brugerservice

Kom godt i gang

Bliv medlem

Seneste indlæg

Find en bruger

Stil et spørgsmål

Skriv et tip

Fortæl en ven

Pointsystemet

Kontakt Kandu.dk

Emnevisning

Kategorier

Alfabetisk

Karriere

Interesser

Teknologi

Reklame

Top 10 brugere

Mac

#	Navn	Point
1	UlrikB	4810
2	kipros	1675
3	Klaudi	1010
4	myg	920
5	pifo	907
6	Stouenberg	838
7	molokyle	830
8	Bille1948	815
9	rotw	760
10	EXTERMINA..	750

Sikkerhedsproblem i MSIE for OS X
Fra : Erik Richard Sørense~

Dato : 24-10-01 16:06

Hej Gruppe!

Nedenstående meddelelse og advarsel er d.d. modtaget fra MS.
mvh. Erik Richard

-----------------
SIKKERHEDSPROBLEM I MICROSOFT INTERNET EXPLORER TIL MAC OS X.

> Approved-By: secnotif@MICROSOFT.COM
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: Microsoft Security Bulletin MS01-053
> Thread-Index: AcFcJa1eUdbwmMVsRtGmZ4DdaK5BEg==
> X-OriginalArrivalTime: 24 Oct 2001 00:49:03.0802 (UTC)
> FILETIME=[AD8849A0:01C15C25]
> Date: Tue, 23 Oct 2001 17:49:03 -0700
> Sender: Microsoft Product Security Notification
> Service <MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM>
> From: Microsoft Product Security <secnotif@MICROSOFT.COM>
> Subject: Microsoft Security Bulletin MS01-053
> To: MICROSOFT_SECURITY@ANNOUNCE.MICROSOFT.COM
> X-SLUIDL: C9904673-97C64830-B4B0AD0A-EB37AC22
>
> The following is a Security Bulletin from the Microsoft Product Security
> Notification Service.
>
> Please do not reply to this message, as it was sent from an unattended
> mailbox.
> ********************************
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ----------------------------------------------------------------------
> Title: Downloaded Applications Can Execute on Mac IE 5.1 for
> OS X
> Date: 23 October 2001
> Software: Internet Explorer 5.1 for Macintosh (r)
> Impact: Run code of attacker's choice
> Bulletin: MS01-053
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS01-053.asp.
> - ----------------------------------------------------------------------
>
> Issue:
> ======
> The Macintosh OS X Operating System provides built-in support for
> both BinHex and MacBinary file types. These file types allow for the
> efficient transfer of information across networks by allowing
> information to be compressed by the sender and then decompressed by
> the recipient. This capability is particularly useful on the
> Internet, by allowing users to dowload compressed files.
>
> A vulnerability results because of a flaw in the way Mac OS X and Mac
> IE 5.1 interoperate when BinHex and MacBinary file types are
> downloaded. As a result, an application that is downloaded in either
> of these formats can execute automatically once the download is
> complete.
>
> A user would first have to choose to download a file and allow the
> download to fully complete before the application could execute.
> Also, users can choose to disable the automatic decoding of both
> these file types.
>
> Mitigating Factors:
> ====================
> - The user would have to choose to downoad the application before
> any attempt could be made to exploit the vulnerablity. It cannot be
> exploited without user interaction.
> - The application would have to successfully download before any
> attempt could be made to exploit the vulnerability. The user can
> cancel the download at anytime prior to completion.
> - The vulnerability could not be exploited if automatic decoding of
> BinHex and MacBinary files has been disabled. This is not a default
> setting however.
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
> Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms01-053.asp
> for information on obtaining this patch.
>
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
> ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
> SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING
> DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS
> PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
> OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
> DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
> LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

--
K.M.L. Denmark by Erik Richard Sørensen, Member of ADC
Edwin Rahrsvej 20.3.03, DK-8220 Brabrand, Denmark
Phone: (+45) 8625 0963, Fax: (+45) 8625 0962 (temporary off)
Mobile phone: (+45) 4082 6109, E-mail: <kml.ers@mail1.stofanet.dk>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Software - For Theological Education - And For Physical Impaired
- Do it The Nisus Way - Nisus Writer, The Best Textprocessor in The World
- Nisus Email, A Revolution In Emailing - Visit: <http://www.nisus.com>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Søg

Reklame

Statistik

Spørgsmål :	177523
Tips :	31968
Nyheder :	719565
Indlæg :	6408675
Brugere :	218887

Månedens bedste

Årets bedste

Sidste års bedste