| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <LAW11-OE20iBdk4RA59000024f3@hotmail.com> From: se_cur_ity at hotmail.com (morning_wood) Subject: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution > please enlighten us on your versions numbers / patch levels wood. > -KF > > > morning_wood wrote: > > Dunno but your message crashes OE on (pre)view. > > no warning, no nothin... OE just *bink* closes > > NICE JOB gta@...h.com. > > Symtoms were reported using the following: Windows XP Pro ( Gold SP0 ) OE Version = 6.00.2600.0000(xpclient 010817-1148) dll's not matching version sig: csapi3t1.dll <unknown> mshtml.dll 6.00.2734.1600 msoe.dll 6.00.2720.3000 msoeacct.dll 6.00.2800.1123 msoert2.dll 6.00.2800.1123 ole32.dll 5.1.2600.115(xpclient_qfe.021108-2107 riched20.dll 5.30.23.1210 riched32.dll 5.1.2600.0(xpclient 010817-1148) wab32.dll <unknown> wab32res.dll <unknown> note: I was forced to go to hotmail via the web interface, and manualy delete the message to restore function. further, my "Security" tab in options is set to "Internet Zone" ( less secure ) on the account in question. One more note of observance in OE6, each account can be independantly set for "security" zones even in a single user machine. I now check "security" settings on every account per machine ( not user login ) , however I have not noted if the settings are inherited from the current IE security settings at the time of account creation ( but would explain my different settings accross 6 accounts on a single usder box ). Donnie Werner http://exploitlabs.com
Powered by blists - more mailing lists