Bugtraq mailing list archives
Re: Microsoft Security Bulletin (MS00-005)
From: pauli_ojanpera () HOTMAIL COM (Pauli Ojanpera)
Date: Wed, 19 Jan 2000 11:00:00 CET
Open letter to microsucks.
From: Microsoft Product Security <secnotif () MICROSOFT COM>
Reply-To: Microsoft Product Security <secnotif () MICROSOFT COM>
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Microsoft Security Bulletin (MS00-005)
Date: Mon, 17 Jan 2000 16:49:11 -0800

They failed to mention me! And btw it is possible to execute arbitrary code by abusing the fact that one can control ECX also. At least on Win98.

"This means that an attacker who wanted to run arbitrary code would need to write a program whose machine language consisted entirely of lower-case alphanumeric data. Microsoft engineers have thoroughly studied this aspect of the vulnerability, and we believe that this is not feasible."

So an attacker does just that. Push and pop instructions have nice opcodes. Check Securityfocus database... I made a file which when opened by double clicking runs an eternal loop. Trace that.. Works in Win98 at least. But not limited to. No warranty. Check it. Use your brain.

If Microsucks wants users to audit their shit they should at least give the credit to whom the credit is due. Fix http://www.microsoft.com/security/bulletins/MS00-005faq.asp credits also.

thanks