Vulnerability Development mailing list archives

Re: more iis-unicode questions

From: "J. J. Horner" <jhorner () 2JNETWORKS COM>
Date: Thu, 26 Oct 2000 10:33:15 -0400

What permissions stop the attack?  I've seen machines that aren't vulnerable before patching,
and I've seen machines with SP5 patched and still vulnerable.

Any ideas?

Jon

On Thu, Oct 26, 2000 at 07:47:53AM -0300, JRC - Techno Logic Consulting wrote:

Yes, I was tested with several Servers and works. But, when the security rights of the files in the server was 
correctly configured, the security stops the atack.

  ----- Original Message -----
  From: aliver vilereal
  To: VULN-DEV () SECURITYFOCUS COM
  Sent: Wednesday, October 25, 2000 11:10 PM
  Subject: more iis-unicode questions

  has anyone seen the iis-unicode exploit run over https?  i'm not crazy for thinking it is possible am i?  i'm sorry 
to keep asking questions of the list, but i haven't been able to install iis and test these things, becasuse i am 
away from where my disk is.
  thanks again
  aliver vilereal
  ubermother


--
J. J. Horner
jjhorner () bellsouth net
System has been up: 20 days.

Current thread:

more iis-unicode questions aliver vilereal (Oct 26)
- Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)
  - Re: more iis-unicode questions Erik Tayler (Oct 27)
  - Re: more iis-unicode questions J. J. Horner (Oct 27)
    - Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)
- <Possible follow-ups>
- Re: more iis-unicode questions Fleck, Michael (Oct 27)