Re: Windows Explorer

From: Preston, Stuart (Stuart.Preston@CONCHANGO.COM)
Date: 02/04/02 

Date:         Mon, 4 Feb 2002 19:29:54 -0000
From: "Preston, Stuart" <Stuart.Preston@CONCHANGO.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

All,

A simple Network Monitor trace shows that a number of HTTP GET requests are
made - prior, during and subsequent to a search being executed:

Firstly, a call is made to

        http://sa.windows.com/sasearch/lclsrch.xml
        [this looks like the contents of the search box]

then a call to

        http://sa.windows.com/sasearch/balloon.xsl
        [this looks like the transform of data to something a bit more
formatted]

.. then depending upon which action you take:

        http://sa.windows.com/sasearch/lclDocs.xml

        http://sa.windows.com/sasearch/lclProg.xml
        [these both appear to be further messages for Windows dialogs]

There may be others depending on the links that are clicked with the search
"balloon". As to why they are retrieved each time, I have little idea other
than perhaps if the text changes the newer version is cached for use when
offline? (per the settings described in the previous post)

Regards,
Stuart.

_____________________________________________________________________
This message has been checked for all known viruses by the MessageLabs Virus Control Centre.

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by Qualys - Make Your Network Secure
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Go Beyond PARTIAL Security: FREE White Paper

Stop hassling with half-baked ENTERPRISE SECURITY.
FREE White Paper shows you how to ensure TOTAL security for your Internet
perimeter with the most current and most complete PROACTIVE Vulnerability
Assessment solution. Get your FREE White Paper now. Click here!
https://www.qualys.com/forms/techwhite_86.html
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

Relevant Pages

  • Followup to Windows 2000 unable to unload registry hive
    ... The common cause of the registry hive's inability to unload in all cases ... to count on profiles always unloading correctly. ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)
  • Re: Download for MS02-009 available
    ... The redistributable patch for the IE Cross-domain VBScripting problem, ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)
  • command prompt in w2k
    ... command prompts and we discovered that cmd.exe from nt40 runs just fine. ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)
  • Re: Windows XP Pro rebooting after fast user switching
    ... I have had numerous reports from people indicating that they ... None seem to be able to nail ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)
  • Re: dH & SECURITY.NNOV: buffer overflow in mshtml.dll
    ... Subject: dH & SECURITY.NNOV: buffer overflow in mshtml.dll ... For more information on a proactive anti-virus service working ... Stop hassling with half-baked ENTERPRISE SECURITY. ... FREE White Paper shows you how to ensure TOTAL security for your Internet ...
    (NT-Bugtraq)