Message-ID: <653D74053BA6F54A81ED83DCF969DF0815C244@pivxes1.pivx.com>
Date: Thu, 15 Jul 2004 10:21:55 -0700
From: "Thor Larholm" <tlarholm@...x.com>
To: "Mark Litchfield" <mark@...software.com>,
	<bugtraq@...urityfocus.com>
Cc: "Brett Moore" <brett.moore@...urity-assessment.com>
Subject: RE: Unchecked buffer in mstask.dll


My bad, I meant to say MS04-022 which correctly lists a patch for Windows
XP. I tried correcting my error in an immediate followup post and wrote
bugtraq-owner@...urityfocus.com to clarify but the original post got
approved.
 

Regards

Thor Larholm

-----Original Message-----
From: Mark Litchfield [mailto:mark@...software.com] 
Sent: Thursday, July 15, 2004 2:05 AM
To: Thor Larholm; bugtraq@...urityfocus.com
Cc: Brett Moore
Subject: Re: Unchecked buffer in mstask.dll

<< Microsoft should update the MS02-022 bulletin to reflect that
automated exploitation is possible. Currently, the only listed affected
software is Windows 2000 but I had no problems reproducing this on
Windows XP as well. Since there is no patch available for Windows XP to
fix this vulnerability the only workaround is to disable the dynamic
icon handler for JobObject files, as described above >>

This issue was also reported to Microsoft by Peter Winter Smith of NGS
Software, with his sole testing platform being that of Windows XP as
stated in his advisory.  He had not confirmed exploitation against
Windows 2000.
As far as I am aware, there is a fix for XP available from
http://www.microsoft.com/downloads/details.aspx?FamilyId=8E8D0A2D-D3B9-4DE8-8B6F-FC27715BC0CF&displaylang=en

Regards

Mark Litchfield

