lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <02da01c4f879$0140c610$6400a8c0@olympus>
From: tux at penguinnetwerx.net (Kevin Reiter)
Subject: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER

original got bounced (mailbox full?)

: <snip>
:
: : Windows Explorer is an advanced browsing tool made by Microsoft. It is used
: : in daily tasks to open folders, copy files, delete files, rename files and
: : view files on a system. It is the foundation of the World Wide Web and used
:
: OK, we need to figure out which "Explorer" this guy is talkin' about - Internet
: Explorer or Windows Explorer.
:
: : Shogun Suzuki discovered that a remote user can connect to any machine via
: : numerous exploits and use Windows Explorer to view files, rename files,
: : delete files, change permissions on files stored on a remote machine that
: : has been pwned.
:
: ..such as ...????  (HINT:  What 'sploits?)
:
: : On a command prompt: del C:\WINDOWS\explorer.exe
:
: Erm...sure...OK.   But what happens when the poor sucker reboots the box and
: discovers the O/S is inop (provided the O/S even lets you delete the file in the
: first place, since explorer.exe is the shell ...)?
:
: Sorry, but this was the very first post I saw after I joined this list a little
: bit ago, and I couldn't resist a few comments.  Is this guy for real, or is this
a
: joke?
:
: -K
:
: _______________________________________________
: Full-Disclosure - We believe in it.
: Charter: http://lists.netsys.com/full-disclosure-charter.html
:
:


Powered by blists - more mailing lists