Vulnerability Development: Re: CR II - winME? confirmation? (Slightly OT)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: CR II - winME? confirmation? (Slightly OT)

From: "Amer Karim" <amerk () telus net>
Date: Tue, 7 Aug 2001 08:03:33 -0700

Hi All,

All the advisories about CR state that only IIS servers are vulnerable.
However, its my understanding that the unchecked buffer in idq.dll was the
source of that vulnerability.  If thats the case, then why have the
advisories not included Win2K systems (all flavours) since idq.dll is
installed by default as part of the indexing service on all these systems 
regardless of whether they are using the service or not?  Wouldnt that make
ANY system with the indexing service on it just as vulnerable as systems
with IIS? Am I overlooking something obvious here?

Regards,
Amer Karim
Nautilis Information Systems
e-mail: amerk () telus net, mamerk () hotmail com

By Date By Thread

Current thread:

Re: CR II - winME? confirmation? (Slightly OT) Amer Karim (Aug 07)
- Re: CR II - winME? confirmation? (Slightly OT) kam (Aug 07)
  - Re: CR II - winME? confirmation? (Slightly OT) Meritt James (Aug 08)
    - Re: CR II - winME? confirmation? (Slightly OT) Devdas Bhagat (Aug 09)
    - RE: CR II - winME? confirmation? (Slightly OT) Ken Pfeil (Aug 09)
    - Re: CR II - winME? confirmation? (Slightly OT) Jordan (Aug 10)