Bugtraq mailing list archives
Announcements from The Palace (fwd)
From: myke () EES COM (Mike Holling)
Date: Fri, 2 Oct 1998 13:31:49 -0400
---------- Forwarded message ---------- Date: Wed, 30 Sep 1998 02:48:14 -0700 From: The Palace <custserv3 () thepalace com> Subject: Announcements from The Palace IMPORTANT SECURITY BUG FIX FOR PALACE CLIENT SOFTWARE FOR WINDOWS 95/98/NT: Over the September 26th weekend, Electric Communities became aware of a potential serious security problem with the Windows 95/98/NT Palace Client software. Monday we confirmed a bug that would permit a malicious Palace server operator to force a Windows Palace client to DOWNLOAD AND EXECUTE an arbitrary program on the client machine. This bug could be used to deliver and run software viruses, personal information sniffers, and other potentially damaging software. However we are not aware of any specific instances of malicious individuals exploiting this bug in any harmful way. We have confirmed that this problem does not affect the Macintosh or the Windows 3.1 client. In response to this security bug, we are today releasing a NEW WINDOWS 95/98/NT PALACE CLIENT update. This update prevents Palace servers from attempting to execute software on the client machine, and is HIGHLY RECOMMENDED FOR ALL WINDOWS PALACE CLIENT USERS. If you do not upgrade your client, your machine is vulnerable to this bug being exploited by malicious server operators. Visit http://www.thepalace.com/products/client/downloads.html to get the latest full version of the Windows Client software. --- If you are currently using version 3.4 (any build) of the palace client, you may instead download one of the following, smaller updates instead of the full installer: ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/AutoUpgradeFor3.4Users.exe if you are using the latest version of 3.4 and don't have multiple versions installed (about 1 meg). ftp://ftp.thepalace.com/pub/palace/client/Windows_95orNT/3.4/ManualUpgrade.exe if you know where you have the palace installed, or have multiple installations (about 400 k). ---
Current thread:
- IE4 Custom Folder Marc (Oct 01)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
- Re: IE4 Custom Folder David LeBlanc (Oct 02)
- Several potential security problems in IBM/Tivoli OPC Tracker Age Klaus.Kusche () OOE GV AT (Oct 02)
- Announcements from The Palace (fwd) Mike Holling (Oct 02)
- Re: IE4 Custom Folder Christopher K Davis (Oct 02)
- Internet Wide DOS Attack using IRC dbarba (Oct 02)
- Re: Internet Wide DOS Attack using IRC Kameron Gasso (Oct 02)
- Re: Internet Wide DOS Attack using IRC [deicide] (Oct 02)
- Re: Internet Wide DOS Attack using IRC Bencsath Boldizsar (Oct 02)
- Re: IE4 Custom Folder listuser () MAIL SEIFRIED ORG (Oct 01)
- CERT: IN-98.04 Darren Reed (Oct 01)