Bugtraq mailing list archives

Re: Microsoft Security Bulletin (MS00-005)


From: pauli_ojanpera () HOTMAIL COM (Pauli Ojanpera)
Date: Wed, 19 Jan 2000 11:00:00 CET


Open letter to microsucks.

From: Microsoft Product Security <secnotif () MICROSOFT COM>
Reply-To: Microsoft Product Security <secnotif () MICROSOFT COM>
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Microsoft Security Bulletin (MS00-005)
Date: Mon, 17 Jan 2000 16:49:11 -0800

They failed to mention me!

And btw it is possible to execute arbitrary code by
abusing the fact that one can control ECX also. At
least on Win98.

"This means that an attacker who wanted to run arbitrary code would need to
write a program whose machine language consisted entirely of lower-case
alphanumeric data. Microsoft engineers have thoroughly studied this aspect
of the vulnerability, and we believe that this is not feasible."

So an attacker does just that. Push and pop instructions have
nice opcodes. Check the SecurityFocus database... I made a file
which, when opened by double-clicking, runs an eternal loop.
Trace that... Works in Win98 at least. But not limited to.
No warranty. Check it. Use your brain.

If Microsucks wants users to audit their shit they should
at least give the credit to whom the credit is due. Fix
http://www.microsoft.com/security/bulletins/MS00-005faq.asp
credits also.

thanks
