Security expert http-equiv on Full-Disclosure has reported that the patch for the latest security vulnerability in Microsoft Internet Explorer (MS02-032) doesn't fix the problem. A link to a proof of concept exploit is included in his advisory.
-
Affected Systems:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 for Windows Server 2003
- Disable Active Scripting or (if possible)
- Un-install Microsoft Internet Explorer
View: IE Exploit creating new pop up page
View: Internet Explorer Object Data Remote Execution Vulnerability Advisory
News source: Full-Disclosure