MSIE 5.5/6 Q312461 patch disclose patch information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

  If you apply Q312461 (MS01-055) patch to your IE 5.5 SP2 / 6, 
  your IE shows patch information into HTTP_USER_AGENT as:

  IE 6:
    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)
  IE 5.5 SP2:
    Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)

  You can find vulnerable IE 5.5/6 very easily...

What's this?
------------

  It's registry entry, at:

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

Tested
------

* Windows 2000 SP2 (japanese) + IE 5.5 SP2 (japanese) + Q312461 (japanese)
* Windows 2000 SP2 (japanese) + IE 6 (japanese) + Q312461 (japanese)

1st reported by
---------------

  SUZUKI, Kazuhiro
  http://memo.st.ryukoku.ac.jp/archive/200111.month/1890.html
  (caution: this URL is written in Japanese)

----
KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan
[Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux