Tiny3 vs Winhelp32 Bof

From: Brett Moore (brett@softwarecreations.co.nz)
Date: 08/19/02

• Previous message: Charles Miller: "Re: IE SSL Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Brett Moore" <brett@softwarecreations.co.nz>
To: <bugtraq@securityfocus.com>
Date: Mon, 19 Aug 2002 14:14:02 +1200

No so much a bug, more an issue of another default installation setup.

After writing an exploit for the winhelp32, I tested on a pc that had
Tiny 2 installed. As I expected Tiny stopped the outbound connection.

Testing on a Tiny 3 version had no warnings of the outbound connection.

Upon investigation it was found that winhelp32.exe is by default a
harmless application and therefore has full access no rules.

harmless application? Ever seen one of those?

---

• Previous message: Charles Miller: "Re: IE SSL Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-08