Penetration Testing mailing list archives
Re: Betr.: Exploiting C# Issues
From: "Philip Wagenaar" <p.wagenaar () accon nl>
Date: Mon, 07 Feb 2005 09:57:09 +0100
Microsoft will be releasing patches again this tuesday, as it does every first tuesday of the month. One of the updates will fix a security related bug in the Microsoft .Net framework. http://www.eweek.com/article2/0,1759,1759880,00.asp So I guess Microsoft will answer your question tomorrow ;-) Met vriendelijke groet, (Philip) Wagenaar Assistent ICT Projecten & Advies AccoN Accountants & Adviseurs ICT Projecten & Advies Postbus 5090 6802 EB Arnhem The Netherlands tel. +31 (0)26-3842384 fax. +31 (0)26-3630222 mobile: +31 (0)6-25388935 MSN/E-mail: p.wagenaar () accon nl http://www.accon.nl
Barrie Dempster <barrie () reboot-robot net> 05-02-05 22:15 >>>
On Fri, 2005-02-04 at 09:44 +0100, Philip Wagenaar wrote:
Hi Daniel, As you know C#,VB.NET and Cobolt.NET etc etc all compile into the Common Runtime Language. I am not aware of any big weaknesses in the CLR, but I would search for papers on the CLR instead of a specific .Net Language.
Daniel, I'd like to see any papers that you come up with on the CLR, please post anything interesting you find to the list and/or to me privately, I haven't seen anything on that front myself and would be interested in it. As for the .NET framework itself the only problems in it as far as MS are concerned are: http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx and http://www.microsoft.com/technet/security/Bulletin/MS02-026.mspx There is also one upcoming in the next monthly advisory bundle http://www.microsoft.com/technet/security/bulletin/summary.mspx#EOAA (The link to the February list is on that page but I didn't want to link directly to it, to ensure the link was still useful when this email is archived, as the advance notice page changes monthly and there won't be a permanent link until the advisories are released :-) -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] ################################################################## Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde. De informatie hierin is vertrouwelijk, zodat het derden niet is toegestaan om daarvan kennis te nemen of dit te verstrekken aan andere derden. Indien u dit e-mail bericht ontvangt terwijl het niet voor u bestemd is, verzoeken wij u contact op te nemen met de afzender en de informatie te verwijderen van iedere computer. Bij voorbaat dank. ================================================================== The information transmitted in this e-mail is intended only for the person or entity to which it is addressed and contains confidential information. Any review, retransmission or other use by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. Thank you. ################################################################## ##################################################################################### This e-mail message has been scanned for Viruses and Content and cleared by MailMarshal #####################################################################################
Current thread:
- Betr.: Exploiting C# Issues Philip Wagenaar (Feb 04)
- Re: Betr.: Exploiting C# Issues Barrie Dempster (Feb 06)
- RE: Betr.: Exploiting C# Issues Aleksander P. Czarnowski (Feb 07)
- <Possible follow-ups>
- Re: Betr.: Exploiting C# Issues Philip Wagenaar (Feb 07)
- Re: Betr.: Exploiting C# Issues Barrie Dempster (Feb 07)