[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <920846FA-644E-11D9-8DA6-000D93C0F38C@teknovis.com>
From: andfarm at teknovis.com (Andrew Farmer)
Subject: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER
On 11 Jan 2005, at 14:52, Team Pwnge wrote:
^^^^^
Nice start: you can't even spell your own name correctly.
<snip... blah, blah, blah>
> Description
> ===========
>
> Shogun Suzuki discovered that a remote user can connect to any
> machine via numerous exploits and use Windows Explorer to view files,
> rename files, delete files, change permissions on files stored on a
> remote machine that has been pwned.
Pray tell. An important element of disclosure is to actually disclose
something. This, however, depends on there actually being something
worth disclosing.
> Impact
> ======
>
> A remote attacker could install something similar to PCAnywhere
> after exploiting Windows and use Windows' Explorer to view, copy
> and or open any file on a victims machine.
... or, "after exploiting Windows", an attacker could just "view,
copy, and or open any file on a victims[sic] machine" without
Explorer's help.
> Concerns?
> =========
>
> Security is a primary focus of TEAM PWN4GE ...
Er... right.
> ... and ensuring the
> progress of secure Windows machines be our dreams.
And grammar be you lacking.
Oh, wait. You probably haven't gotten to that in school yet. Never
mind.
> ... As security
> concerns should be addressed to respective vendors, ...
Reasonable enough, I suppose...
> ... we feel the urge to bypass standards ...
Um... yeah. "We think that $X is good, so we aren't going to do it."
> ... and bring our common dreams of a secure homeland to the Interweb.
*SPLUTTER*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050111/b8607943/PGP.bin
Powered by blists - more mailing lists