|
Full Disclosure
mailing list archives
Re: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER
From: Andrew Farmer <andfarm () teknovis com>
Date: Tue, 11 Jan 2005 20:01:00 -0800
On 11 Jan 2005, at 14:52, Team Pwnge wrote:
^^^^^
Nice start: you can't even spell your own name correctly.
<snip... blah, blah, blah>
Description
===========
Shogun Suzuki discovered that a remote user can connect to any
machine via numerous exploits and use Windows Explorer to view files,
rename files, delete files, change permissions on files stored on a
remote machine that has been pwned.
Pray tell. An important element of disclosure is to actually disclose
something. This, however, depends on there actually being something
worth disclosing.
Impact
======
A remote attacker could install something similar to PCAnywhere
after exploiting Windows and use Windows' Explorer to view, copy
and or open any file on a victims machine.
... or, "after exploiting Windows", an attacker could just "view,
copy, and or open any file on a victims[sic] machine" without
Explorer's help.
Concerns?
=========
Security is a primary focus of TEAM PWN4GE ...
Er... right.
... and ensuring the
progress of secure Windows machines be our dreams.
And grammar be you lacking.
Oh, wait. You probably haven't gotten to that in school yet. Never
mind.
... As security
concerns should be addressed to respective vendors, ...
Reasonable enough, I suppose...
... we feel the urge to bypass standards ...
Um... yeah. "We think that $X is good, so we aren't going to do it."
... and bring our common dreams of a secure homeland to the Interweb.
*SPLUTTER*
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
| 
Intro
