Bugtraq mailing list archives
The grand-son of Cuartango Hole
From: aleph1 () UNDERGROUND ORG (aleph1 () UNDERGROUND ORG)
Date: Wed, 23 Dec 1998 20:09:05 -0800
Ladies and Gentlemen, Yesterday I reported to Microsoft the "Grand-Son of Cuartango hole". Still the same "USP" problem existing in the "Cuartango Hole" and the "Son of Cuartago Hole" : Your computer files can be stolen by a malicious script. MS has fixed it inmediately with the "Frame Spoof Fix" : http://www.microsoft.com/windows/ie/security/spoof.asp You will find a technical description and a real demo in the page below : http://pages.whowhere.com/computers/cuartangojc/gson2.html Have a merry Christmas and a happy new year Regards, Juan Carlos G. Cuartango
Current thread:
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Ulf Munkedal (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service David Schwartz (Dec 23)
- The grand-son of Cuartango Hole aleph1 () UNDERGROUND ORG (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Guido van Rooij (Dec 24)
- lame old finger bounce bug still exists in sparc 2.7 spoon (Dec 26)
- Breeze Network Server remote reboot and other bogosity. //Stany (Dec 26)
- [patch] fix for urandom read(2) not interruptible Andrea Arcangeli (Dec 27)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Jeff Roberson (Dec 28)
- Oracle8 TNSLSNR DoS Jason Ackley (Dec 28)
- ssh2 security problem (and patch) (fwd) Darren Reed (Dec 29)
- Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Simson L. Garfinkel (Dec 29)
- Local/remote exploit for SCO UNIX. leshka (Dec 29)
- followup on yahoo pager security problem Neulinger, Nathan R. (Dec 29)
(Thread continues...)