Vulnerability Development mailing list archives
Re: CR II - winME? confirmation? (Slightly OT)
From: "Amer Karim" <amerk () telus net>
Date: Tue, 7 Aug 2001 08:03:33 -0700
Hi All, All the advisories about CR state that only IIS servers are vulnerable. However, its my understanding that the unchecked buffer in idq.dll was the source of that vulnerability. If thats the case, then why have the advisories not included Win2K systems (all flavours) since idq.dll is installed by default as part of the indexing service on all these systems regardless of whether they are using the service or not? Wouldnt that make ANY system with the indexing service on it just as vulnerable as systems with IIS? Am I overlooking something obvious here? Regards, Amer Karim Nautilis Information Systems e-mail: amerk () telus net, mamerk () hotmail com
Current thread:
- Re: CR II - winME? confirmation? (Slightly OT) Amer Karim (Aug 07)
- Re: CR II - winME? confirmation? (Slightly OT) kam (Aug 07)
- Re: CR II - winME? confirmation? (Slightly OT) Meritt James (Aug 08)
- Re: CR II - winME? confirmation? (Slightly OT) Devdas Bhagat (Aug 09)
- RE: CR II - winME? confirmation? (Slightly OT) Ken Pfeil (Aug 09)
- Re: CR II - winME? confirmation? (Slightly OT) Jordan (Aug 10)
- RE: CR II - winME? confirmation? (Slightly OT) Amer Karim (Aug 10)
- Re: CR II - winME? confirmation? (Slightly OT) Meritt James (Aug 08)
- Re: CR II - winME? confirmation? (Slightly OT) kam (Aug 07)
- Re: CR II - winME? confirmation? (Slightly OT) Michael J. Cannon (Aug 08)
- <Possible follow-ups>
- RE: CR II - winME? confirmation? (Slightly OT) Gregory_DeGennaro (Aug 07)
- Re: CR II - winME? confirmation? (Slightly OT) Grab Raham (Aug 07)
- Re: CR II - winME? confirmation? (Slightly OT) Amer Karim (Aug 07)