lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: shreddersub7 at yahoo.com (Tim ShredderSub7) Subject: RE: > hhctrl.ocx is not installed by default in all SP1s but is on all SP2. Sorry, forgot to mention this. The website (http://www.freewebs.com/shreddersub7/expl-discuss.htm) is updated now. I couldn't respond earlier because Microsoft has shutted down my Hotmail account (shreddersub7@...mail.com doesn't work anymore) and therefore I lost all my mails, including the ones from Full Disclosure :-( Ow well, they can't stop me, just email to shreddersub7_at_yahoo.com ;-) ---ORIGINIAL MESSAGE (se_cur_ity_at_hotmail.com)--- > hhctrl.ocx is not installed by default in all SP1s but is on all SP2. > Therefore when the exploit page tries to create the object he cannot > find it so it tries to install it. On SP2 it exists by default therefore > created silently. i replied to this because of this statement by the O.P.. "Any system running any Microsoft Windows XP edition with Internet Explorer 6 or higher, even with SP2 applied." this suggests that all XP are affected by default, including sp2. cheers, m.w p.s. I have noticed that the final pre-release of SP2 is much better ( in my experience ) performance and security wise. ( and it retains raw sockets ). In SP2rc2, IE6 popup blocker stopped the PoC at default settings. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041228/5d379035/attachment.html
Powered by blists - more mailing lists