Vulnerability Development mailing list archives
RE: CR II - winME? confirmation? (Slightly OT)
From: Jonathan Rickman <jonathan () xcorps net>
Date: Thu, 9 Aug 2001 16:05:03 -0400 (EDT)
On Wed, 8 Aug 2001, Inman, Carey wrote:
Hi, I would like to offer a quote from MS01-033: "the service would not need to be running in order for an attacker to exploit the vulnerability." http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS01-033.asp Carey
That quote was taken out of context... The buffer overrun occurs before any indexing functionality is requested. As a result, even though idq.dll is a component of Index Server/Indexing Service, the service would not need to be running in order for an attacker to exploit the vulnerability. As long as the script mapping for .idq or .ida files were present, and the attacker were able to establish a web session, he could exploit the vulnerability. James was talking about IIS, not the Indexing Service. If IIS is not running, you are not vulnerable. -- Jonathan Rickman X Corps Security http://www.xcorps.net
Current thread:
- Re: CR II - winME? confirmation? (Slightly OT), (continued)
- Re: CR II - winME? confirmation? (Slightly OT) Jason Haar (Aug 08)
- Re: CR II - winME? confirmation? (Slightly OT) HackHawk (Aug 10)
- Re: CR II - winME? confirmation? (Slightly OT) Gregory McCann (Aug 08)
- Re: CR II - winME? confirmation? (Slightly OT) Enrique A. CompaƱ Gzz. (Aug 10)
- Re: CR II - winME? confirmation? (Slightly OT) Jason Haar (Aug 08)
- RE: CR II - winME? confirmation? (Slightly OT) Gregory_DeGennaro (Aug 09)
- RE: CR II - winME? confirmation? (Slightly OT) Inman, Carey (Aug 09)
- Re: CR II - winME? confirmation? (Slightly OT) Ryan Permeh (Aug 10)
- RE: CR II - winME? confirmation? (Slightly OT) Mike Duncan (Aug 10)
- RE: CR II - winME? confirmation? (Slightly OT) Matthew Leeds (Aug 10)
- Re: CR II - winME? confirmation? (Slightly OT) Thor (Aug 10)
- RE: CR II - winME? confirmation? (Slightly OT) Jonathan Rickman (Aug 10)
- RE: CR II - winME? confirmation? (Slightly OT) Ron DuFresne (Aug 10)
- Re: CR II - winME? confirmation? (Slightly OT) Thor (Aug 10)
- RE: CR II - winME? confirmation? (Slightly OT) William T. Barrett (Aug 10)