Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 i...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Microsoft
And, this specific program:
Microsoft Internet Explorer 8.x

This thread has been marked as locked.
maspiers IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Member 15th Dec, 2010 17:02
Ranking: 0
Posts: 3
User Since: 7th Feb, 2008
System Score: N/A
Location: N/A
Running Secunia PSI on Vista SP2
IE 8.x appears as insecure with the detected version as 8.0.6001.18975, however both IE's own Help - About and the file data in C:\Program Files\Internet Explorer\ show version 8.0.6001.18999 is actually installed and no software updates are listed in Windows Update

ddmarshall RE: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Dedicated Contributor 15th Dec, 2010 19:52
Score: 1209
Posts: 961
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Have you done a full scan since yesterday's updates were installed? This was needed for the version numbers in my scan report to change.

IE8 is still reported as insecure in Secure browsing. Secunia seem to believe there is still an unpatched vulnerability.

--
This answer is provided as-is. You bear the risk of using it.
Was this reply relevant?
+1
-0
maspiers RE: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Member 15th Dec, 2010 21:11
Score: 0
Posts: 3
User Since: 7th Feb 2008
System Score: N/A
Location: N/A
1st scan showed it as insecure, ran windows update , rebooted & rescanned. 2nd scan still showed insecure.
But since then it's changed its mind & is now not shown as insecure -not sure what happened in the meantime.
Was this reply relevant?
+0
-0
mogs RE: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Expert Contributor 15th Dec, 2010 22:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello.
IE is still not Secure for Browsing for the following reason :-
http://secunia.com/advisories/42510/
Extract as follows.....

Description
A vulnerability has been discovered in Internet Explorer, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing Cascading Style Sheets (CSS) and can be exploited to corrupt memory via e.g. a specially crafted CSS file containing multiple import rules.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system.

Solution
Do not browse untrusted websites.


Provided and/or discovered by
sec yun

Regards,

--
Was this reply relevant?
+1
-0
panderson RE: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Member 21st Dec, 2010 12:23
Score: -3
Posts: 21
User Since: 9th Dec 2010
System Score: N/A
Location: N/A
Am using internet explorer version 8 on a fully patched XP. I need it for work, but have stopped using it to browse websites. It's still showing as category 4 threat, am I safe?
Was this reply relevant?
+0
-0
Anthony Wells RE: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Expert Contributor 21st Dec, 2010 12:50
Score: 2445
Posts: 3,332
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

Which version of the PSI are you using ?? where precisely is there a CAT4 warning ?? Which version N of IE does it reference ??

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
This user no longer exists RE: IE 8.0.6001.18975 listed as insecure but version 8.0.6001.18999 installed
Member 21st Dec, 2010 12:55
Last edited on 21st Dec, 2010 12:56 Hi,

My guess would be that the CAT4 warning is the unpatched SA42510 vulnerability shown on the Secure Browsing tab. Please correct me if this is not the case.

As you can see on the advisory page for this vulnerability, you are not exposed if the browser isn't used (Solution: Do not browse untrusted sites).
http://secunia.com/advisories/42510/

This is because the vulnerability is present in the CSS engine.

hope this answers your question.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability