Full Disclosure mailing list archives
Re: Internet Explorer (BAN IT !!!)
From: jelmer <jkuperus () planet nl>
Date: Fri, 10 Oct 2003 12:19:21 +0200
just looked at it, the authors messed up , so no it shouldn't work, it doesn't work here they didn't get that error.jsp is a java server page (something roughly equivalent to asp and php) that sets the response code to something that triggers the res file to be loaded --jelmer ----- Original Message ----- From: "Syed Imran Ali" <manipeto () yahoo co uk> Cc: <full-disclosure () netsys com> Sent: Friday, October 10, 2003 12:02 PM Subject: RE: [Full-disclosure] Internet Explorer (BAN IT !!!)
Yup that's true the exploit actually didn't worked even if I was logged in as Administrator or a normal user in Windows XPSp1 with all patches installed except 811394. Regards, Syed Imran Ali Senior Network Engineer (T) +92-300-9256202 :~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~:~: The information contained in this e-mail is confidential and may be privileged. It is intended for the addressee only. If you have received this e-mail in error please notify us immediately, then delete this e-mail. You should not copy it for any purpose, or disclose its contents to any other person. We cannot accept any responsibility for viruses, so please scan all attachments. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of gregh Sent: Friday, October 10, 2003 3:07 AM To: Irwan Hadi Cc: full-disclosure () netsys com Subject: Re: [Full-disclosure] Internet Explorer (BAN IT !!!) ----- Original Message ----- From: "Irwan Hadi" <irwanhadi () phxby com> To: "gregh" <chows () ozemail com au> Cc: "Stephen" <alf1num3rik () yahoo com>; <full-disclosure () netsys com> Sent: Thursday, October 09, 2003 3:55 PM Subject: Re: [Full-disclosure] Internet Explorer (BAN IT !!!)On Thu, Oct 09, 2003 at 07:54:08AM +1000, gregh wrote:----- Original Message ----- From: "Stephen" <alf1num3rik () yahoo com> To: <full-disclosure () netsys com> Sent: Thursday, October 09, 2003 5:19 AM Subject: [Full-disclosure] Internet Explorer (BAN IT !!!)It becomes really dangerous to use IE ... http://www.k-otik.com/WMPLAYER-TEST/ God bless Mozilla http://www.mozilla.org/Your test didn't work on my IESP1 under XP with all patchesexcepting811394. Absolutely no effect on WMP. My original WMP remains andworks.It depends whether you were logging as a privileged user or not. If not, then your browser can't delete the wmplayer.exe file, because the only user that can change/delete the wmplayer.exe file isprivilegeduser. C:\PROGRA~1\Windows Media Player>cacls wmplayer.exe C:\PROGRA~1\Windows Media Player\wmplayer.exe BUILTIN\Users:R BUILTIN\Power Users:C BUILTIN\Administrators:F NT AUTHORITY\SYSTEM:F C:\PROGRA~1\Windows Media Player> The problem is just too many people are running their Windows with Full Privileges.Didnt matter what I logged in as. I normally am ADMIN, naturally but a priveleged user, a very limited user - no difference. The exploit didnt work. Greg. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Internet Explorer (BAN IT !!!) BoneMachine (Oct 09)
- <Possible follow-ups>
- RE: Internet Explorer (BAN IT !!!) BoneMachine (Oct 09)
- RE: Internet Explorer (BAN IT !!!) Syed Imran Ali (Oct 10)
- Re: Internet Explorer (BAN IT !!!) jelmer (Oct 10)
- Re: Internet Explorer (BAN IT !!!) Gary Flynn (Oct 10)
- Re: Internet Explorer (BAN IT !!!) jelmer (Oct 10)