Hi Forum members,
Anyone read the PSN-2011-03-198 and 199?
Here is the link, (requires login)
I read both of these security advisories and the information stated are not very clear as to what is the potential service impact?
Since there is another update sometimes around April 1 for IE9, I don't want to perform the upgrade twice within the next 15 days.
Thanks for the question regarding the service impact of our two recently released out-of-cycle PSNs.
These two PSNs each resulted in a CVSS Base Score of 5.8 Along with this score, a CVSS Vector was supplied:
. Among other things, this vector represents a partial confidentiality and partial integrity impact.
Without going into detail that would violate entitled disclosure, the issue is that one can obtain access to content that shouldn't be accessible. While the direct impact of arbitrary access to these files is minimal, the integrity breach could lead to additional methods of attack, beyond the scope of this medium risk vulnerability.
Ð Dave Dugal
One minor clarification regarding the IE9 KB @ http://kb.pulsesecure.net/KB19293
>>>Since there is another update sometimes around April 1 for IE9
The update referred to in the KB article is an update of the content in the KB article itself and not the actual releases that will support IE9.
Thanks for the reply. But it still does not help me to understand what are the risks? Maybe we should take this offline. If you can send me a private message. I will like to discuss with you on this matters.