locked
IE8 CSS Vulnerability Workaround RRS feed

  • Question

  • Hi,

    I hope that I can make my question understandable.

     

    Recently users were alerted to a vulnerability in IE8 concerning recursive loading of CSS files here https://www.microsoft.com/technet/security/advisory/2488013.mspx?pubDate=2011-01-11

    This then points to a fixit (50591) here http://support.microsoft.com/kb/2488013 which I subsequently installed as I don't use EMET 2.0.

     

    Now, when I look at installed programs via Add/Remove Programs I see an installed program with the name CVE-2010-3971 alongside the usual icon for microsoft programs. The entry has no other details (eg:size) unlike the other entries in Add/Remove Programs.

    My question is a simple one:

    Is this the fixit I installed, or is it something else?

    I've tried googling "CVE-2010-3971" but all I get is references to a nasty piece of malware installed when the CSS vulnerability has been exploited. This has made me very suspicious as none of my virus scans (nor firewall) indicate that I have any malware.

     

    Could someone please confirm for me that when the microsoft fixit50591 is installed then it appears as described above (CVE-2010-3971) in Add/Remove Programs?

     

    TIA

    Cliff.
    Cliff Rigg
    Wednesday, January 19, 2011 5:10 PM

Answers

  • It's OK I've solved it myself.

     

    Looked at installer with FileAlyzer and searched for the string CVE-2010-3971 which I subsequently found thereby answering my own question.

     


    Cliff Rigg
    • Marked as answer by cliff.rigg Wednesday, January 19, 2011 5:46 PM
    Wednesday, January 19, 2011 5:44 PM