Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
From: 3APA3A (3APA3A@SECURITY.NNOV.RU)Date: 04/25/02
- Previous message: Knud Erik Hojgaard: "RE: cheers"
- In reply to: Menashe Eliezer: "Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
- Next in thread: Deus, Attonbitus: "RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Apr 2002 12:51:44 +0400 From: 3APA3A <3APA3A@SECURITY.NNOV.RU> To: "Menashe Eliezer" <menashe@finjan.com>
Dear Menashe Eliezer,
Sorry for asking, but it's unclear from advisory: is it possible to
access reports with either:
1. ActiveX element marked safe for scripting
2. Javascript or VBscript from "Internet" security zone
Examples you give for scripting will only run in local host content, so
this problem seems to be local only (default permissions for sensitive
files) with minimal impact, because analysis of security policy,
registry and file permissions can (mostly) be done by local user with
unprivileged account. In this case risk is low.
--Thursday, April 25, 2002, 5:06:32 AM, you wrote to bugtraq@securityfocus.com:
ME> Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
ME> Finjan Software Security Advisory
ME> URL: http://www.finjan.com/mcrc/alert_show.cfm?attack_release_id=71
ME> April 24, 2002
ME> Risk: Medium
ME> -------------
-- ~/ZARAZA Человек это тайна... я занимаюсь этой тайной чтобы быть человеком. (Достоевский)
- Previous message: Knud Erik Hojgaard: "RE: cheers"
- In reply to: Menashe Eliezer: "Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
- Next in thread: Deus, Attonbitus: "RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
