lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <000301c34738$e172e590$cd784351@lapinou>
From: ulysse at madchat.org (ulysse)
Subject: how do they do it???

> ----- Original Message ----- 
> From: "Thor Larholm" <lists.netsys.com@...ript.dk>
> To: <full-disclosure@...ts.netsys.com>; <zorkshin@...pabay.rr.com>
> Sent: Thursday, July 10, 2003 12:42 PM
> Subject: Re: [Full-Disclosure] how do they do it???

> > > From: <zorkshin@...pabay.rr.com>
> > > http://www.albinoblacksheep.com/text/cupholder.php
> > >
> > > how do you think they do it in PHP?
> >
> > Thank you for confirming that you have NOT installed the MS03-021
> patch [1] for
> > Windows Media Player, which among others removes the ability to
> eject CD drives
> > using the WMP ActiveX control. I can now safely assume that you are
> vulnerable
> > to several vulnerabilities.
> > [1]
> > http://www.microsoft.com/technet/security/bulletin/ms03-021.asp
> >
> >
> > Regards
> > Thor Larholm
> > PivX Solutions, LLC - Senior Security Researcher

>  Replies like this are realy not need are they??? MrSecurity
> Reseacher? I suppose i should lament you on your deficencies, btw I
> dont have the patch installed either... by choice. Dont ass-u-me as we
> all know what that makes you look like.
> 
> Donnie Werner
> http://nothackers.org

Actually i don't have the patch either because i don't have media player
9 and the patch you sent was for this version.
But it worked without the software corrected by the patch you
mentionned, so there should be another vulnerability or another reason.

At home it worked with all security patches from ms (all of the security
patches available for my computer in windowsupdate), at work it didn't
with the same patches (but i think i have media player 9 at work).


@++
Ulysse

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ