Let s play, on Wednesday 17, Nov - Secunia released the advisory Microsoft
Internet Explorer Two Vulnerabilities, related to a vulnerability discovered by
cyber flash. This file download security warning bypass (unpatched) flaw could
be exploited to download a malicious executable file masqueraded as a HTML
document.
Microsoft said : Secunia you're bad, this vulnerability was not disclosed
responsibly
Secunia said NO ! No ! We did not release the technical details of this flaw
and our policy is to not reveal vulnerability details until a fix had been
provided, unless they were already in the wild. We did not discover this
vulnerability, so we can not censure it
Some people said Who is cyberflash ? perhaps Secunia discovered this flaw, but
masked it behind a third party researcher
K-OTik Says to Some people : cyber flash is not a fictitious security researcher
K-OTik Says to MS & Secunia : There is no security through obscurity...and full
disclosure is our policy
----------------------------------------------------------------
Internet Explorer 6.0 SP2 File Download Security Warning Bypass
----------------------------------------------------------------
Exploit -> http://www.k-otik.com/exploits/20041119.IESP2Unpatched.php
Technical Details - >
http://www.k-otik.com/exploits/20041119.IESP2disclosure.php
all credits go to Cyber flash A.K.A Vengy
Regards
K-OTik Security Research & Survey Team 24/7
kttp://www.k-otik.com
--
Editor's Note: The 43rd Most Powerful Person in Networking says...
Register today to take the TruSecure ICSA exam by 12/31/04 at
<http://www.2test.com> , use promo code "CT1204" and you will pay just
$221.25 US Dollars for domestic exam delivery and $296.25 US Dollars
for international delivery.
Visit <https://ticsa.trusecure.com> for complete details regarding the
TICSA credential and to take the free sample exam.
--
