Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: RFP2K04: Mining BlackICE with RFPickAxe
From: andrew () NFR NET (Andrew Lambeth)
Date: Fri, 19 May 2000 14:16:51 -0400

rain forest puppy wrote:


--/ 3 / Forward thinking /------------------------------------------------

I discussed this point at CanSecWest.  BlackICE is not the only (security)
application that stores data in a Microsoft .mdb file.  So what does use
.mdb's?  Well, NT 4.0 WINS, DHCP, CyberCop, NFR-GUI (Windows client), etc.



No version of the NFR windows client has ever been in any way vulnerable
to any form or variation of the exploit discussed in this advisory.

The NFR windows client does not store any information in a Microsoft
.mdb file nor does it use Microsoft Access or Jet in any way.

You may have been confused by the fact that an earlier version of the
NFR client used ".mar" as a file extension for "Marked As Read" files.
These files were not in any way associated with Microsoft Access.  The
filename extension was changed some time ago to avoid such confusion.


--
Andrew Lambeth - Senior Software Engineer, Network Flight Recorder, Inc.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]