Full Disclosure mailing list archives
Re: Internet Explorer (BAN IT !!!)
From: "gregh" <chows () ozemail com au>
Date: Fri, 10 Oct 2003 08:06:45 +1000
----- Original Message ----- From: "Irwan Hadi" <irwanhadi () phxby com> To: "gregh" <chows () ozemail com au> Cc: "Stephen" <alf1num3rik () yahoo com>; <full-disclosure () netsys com> Sent: Thursday, October 09, 2003 3:55 PM Subject: Re: [Full-disclosure] Internet Explorer (BAN IT !!!)
On Thu, Oct 09, 2003 at 07:54:08AM +1000, gregh wrote:----- Original Message ----- From: "Stephen" <alf1num3rik () yahoo com> To: <full-disclosure () netsys com> Sent: Thursday, October 09, 2003 5:19 AM Subject: [Full-disclosure] Internet Explorer (BAN IT !!!)It becomes really dangerous to use IE ... http://www.k-otik.com/WMPLAYER-TEST/ God bless Mozilla http://www.mozilla.org/Your test didn't work on my IESP1 under XP with all patches excepting 811394. Absolutely no effect on WMP. My original WMP remains and works.It depends whether you were logging as a privileged user or not. If not, then your browser can't delete the wmplayer.exe file, because the only user that can change/delete the wmplayer.exe file is privileged user. C:\PROGRA~1\Windows Media Player>cacls wmplayer.exe C:\PROGRA~1\Windows Media Player\wmplayer.exe BUILTIN\Users:R BUILTIN\Power Users:C BUILTIN\Administrators:F NT AUTHORITY\SYSTEM:F C:\PROGRA~1\Windows Media Player> The problem is just too many people are running their Windows with Full Privileges.
Didnt matter what I logged in as. I normally am ADMIN, naturally but a priveleged user, a very limited user - no difference. The exploit didnt work. Greg. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: [PAPER] Juggling with packets: floating data storage, (continued)
- Re: [PAPER] Juggling with packets: floating data storage Nicholas Weaver (Oct 08)
- Re: [PAPER] Juggling with packets: floating data storage Michal Zalewski (Oct 08)
- Internet Explorer (BAN IT !!!) Stephen (Oct 08)
- RE: Internet Explorer (BAN IT !!!) Brent Colflesh (Oct 08)
- Re: Internet Explorer (BAN IT !!!) gregh (Oct 08)
- Re: Internet Explorer (BAN IT !!!) Paul Schmehl (Oct 08)
- Re: Internet Explorer (BAN IT !!!) Irwan Hadi (Oct 08)
- Re: Internet Explorer (BAN IT !!!) Peter King (Oct 09)
- Re: Internet Explorer (BAN IT !!!) jelmer (Oct 09)
- Re: Internet Explorer (BAN IT !!!) John Sage (Oct 09)
- Re: Internet Explorer (BAN IT !!!) gregh (Oct 09)
- Shift key breaks CD copy locks Edward W. Ray (Oct 08)
- Re: Internet Explorer (BAN IT !!!) Joel R. Helgeson (Oct 08)
- Re: Internet Explorer (BAN IT !!!) Stephen (Oct 09)
- RE: Re: Internet Explorer (BAN IT !!!) Benjamin Meade (Oct 09)
- Re: [PAPER] Juggling with packets: floating data storage Rick Wash (Oct 08)
- Re: [PAPER] Juggling with packets: floating data storage Doug Moen (Oct 08)
- Re: [PAPER] Juggling with packets: floating data storage Michal Zalewski (Oct 08)
- Re: [PAPER] Juggling with packets: floating data storage Michal Zalewski (Oct 08)
- Re: [PAPER] Juggling with packets: floating data storage David Heigl (Oct 08)
- Re: [PAPER] Juggling with packets: floating data storage Thamer Al-Harbash (Oct 08)