Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: CR II - winME? confirmation? (Slightly OT)

From: "Matthew Leeds" <mleeds () theleeds net>
Date: Thu, 09 Aug 2001 13:13:20 -0700
Note from the same bulletin:

'The vulnerability can only be exploited if a web session can be established with an affected server. Customers who 
have installed Index Server or Index Services but not IIS would not be at risk. This is the default case for Windows 
2000 Professional.'

and

'So, if IIS is not running on my machine, I’m not affected by the vulnerability?

'That’s correct. Even if you’ve installed Index Server or Indexing Service, the vulnerability could only be exploited 
if IIS were running.'

It helps to read the entire bulletin.

---Matthew

*********** REPLY SEPARATOR  ***********

On 8/8/2001 at 1:32 PM Inman, Carey wrote:


Hi,

I would like to offer a quote from MS01-033:

"the service would not need to be running in order for an attacker to
exploit the vulnerability."

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
bulletin/MS01-033.asp

Carey
Previous By Date Next
Previous By Thread Next

Current thread: