> IE 6: > Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461) > IE 5.5 SP2: > Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) > > You can find vulnerable IE 5.5/6 very easily... I can confirm that also with: Windows NT4 SP6a + Q299444i + IE 5.5 SP2 (and 6.0) + Q312461 - all polish Windows 2000 SP2 + IE 6.0 +312461 - all polish This could be used to do a selective, web-based attack against IE, but can be also hidden very easily. You can modify the UserAgent setting via registry or a web-proxy (like squid). I wouldn't see it as a big security threat. Would you? -- Lukasz 'ptashek' Szmit
