MS02-023 does not patch actual issue!

Hello, Microsoft released a cumulative patch yesterday, which, among other issues, allegedly patches the dialogArguments vulnerability http://jscript.dk/adv/TL002/. In their bulletin Microsoft makes several severe errors: 1. "A cross-site scripting vulnerability in a Local HTML Resource..." No,...

Update and comments on the MS02-023 patch, holes still remain

The latest cumulative patch from Microsoft, http://www.microsoft.com/technet/security/bulletin/MS02-023.asp , promises to eliminate "six newly discovered vulnerabilities", but fails to do so. First, we find what MS calls "A cross-site scripting vulnerability in a Local HTML Resource". This is...