Bugtraq: The grand-son of Cuartango Hole

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

The grand-son of Cuartango Hole

From: aleph1 () UNDERGROUND ORG (aleph1 () UNDERGROUND ORG)
Date: Wed, 23 Dec 1998 20:09:05 -0800


Ladies and Gentlemen,
Yesterday I reported to Microsoft the "Grand-Son of Cuartango hole". Still the same "USP" problem existing in the 
"Cuartango Hole" and the "Son of Cuartago Hole" : Your computer files can be stolen by a malicious script. 
MS has fixed it inmediately with the "Frame Spoof Fix" :
http://www.microsoft.com/windows/ie/security/spoof.asp
You will find  a technical description and a real demo in the page below :
http://pages.whowhere.com/computers/cuartangojc/gson2.html
Have a merry Christmas and a happy new year
Regards,
Juan Carlos G. Cuartango

By Date By Thread

Current thread:

Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Ulf Munkedal (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service David Schwartz (Dec 23)
- The grand-son of Cuartango Hole aleph1 () UNDERGROUND ORG (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Guido van Rooij (Dec 24)
  - lame old finger bounce bug still exists in sparc 2.7 spoon (Dec 26)
  - Breeze Network Server remote reboot and other bogosity. //Stany (Dec 26)
  - [patch] fix for urandom read(2) not interruptible Andrea Arcangeli (Dec 27)
  - Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Jeff Roberson (Dec 28)