Re: MORE CRITICAL FLAWS IN MS WINDOWS EXPLORER

[Andrew Farmer <andfarm () teknovis com>]

On 11 Jan 2005, at 14:52, Team Pwnge wrote:
                                                           ^^^^^

Nice start: you can't even spell your own name correctly.

<snip... blah, blah, blah>


> Description
> ===========
>
> Shogun Suzuki discovered that a remote user can connect to any
> machine via numerous exploits and use Windows Explorer to view files,
> rename files, delete files, change permissions on files stored on a
> remote machine that has been pwned.

Pray tell. An important element of disclosure is to actually disclose
something. This, however, depends on there actually being something
worth disclosing.


> Impact
> ======
>
> A remote attacker could install something similar to PCAnywhere
> after exploiting Windows and use Windows' Explorer to view, copy
> and or open any file on a victims machine.

... or, "after exploiting Windows", an attacker could just "view,
copy, and or open any file on a victims[sic] machine" without
Explorer's help.


> Concerns?
> =========
>
> Security is a primary focus of TEAM PWN4GE ...

Er... right.


> ... and ensuring the
> progress of secure Windows machines be our dreams.

And grammar be you lacking.

Oh, wait. You probably haven't gotten to that in school yet. Never
mind.


> ... As security
> concerns should be addressed to respective vendors, ...

Reasonable enough, I suppose...


> ... we feel the urge to bypass standards ...

Um... yeah. "We think that $X is good, so we aren't going to do it."


> ... and bring our common dreams of a secure homeland to the Interweb.

*SPLUTTER*

Attachment: PGP.sig
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html