Full Disclosure mailing list archives

RE : how do they do it???


From: "ulysse" <ulysse () madchat org>
Date: Fri, 11 Jul 2003 01:13:29 +0200

----- Original Message ----- 
From: "Thor Larholm" <lists.netsys.com () jscript dk>
To: <full-disclosure () lists netsys com>; <zorkshin () tampabay rr com>
Sent: Thursday, July 10, 2003 12:42 PM
Subject: Re: [Full-disclosure] how do they do it???

From: <zorkshin () tampabay rr com>
http://www.albinoblacksheep.com/text/cupholder.php

how do you think they do it in PHP?

Thank you for confirming that you have NOT installed the MS03-021
patch [1] for
Windows Media Player, which among others removes the ability to
eject CD drives
using the WMP ActiveX control. I can now safely assume that you are
vulnerable
to several vulnerabilities.
[1]
http://www.microsoft.com/technet/security/bulletin/ms03-021.asp


Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher

 Replies like this are realy not need are they??? MrSecurity
Reseacher? I suppose i should lament you on your deficencies, btw I
dont have the patch installed either... by choice. Dont ass-u-me as we
all know what that makes you look like.

Donnie Werner
http://nothackers.org

Actually i don't have the patch either because i don't have media player
9 and the patch you sent was for this version.
But it worked without the software corrected by the patch you
mentionned, so there should be another vulnerability or another reason.

At home it worked with all security patches from ms (all of the security
patches available for my computer in windowsupdate), at work it didn't
with the same patches (but i think i have media player 9 at work).


@++
Ulysse

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: