Vulnerability Development mailing list archives

RE: CR II - winME? confirmation? (Slightly OT)


From: Jonathan Rickman <jonathan () xcorps net>
Date: Thu, 9 Aug 2001 16:05:03 -0400 (EDT)

On Wed, 8 Aug 2001, Inman, Carey wrote:

Hi,

I would like to offer a quote from MS01-033:

"the service would not need to be running in order for an attacker to
exploit the vulnerability."

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp

Carey

That quote was taken out of context...

The buffer overrun occurs before any indexing functionality is requested. As a
result, even though idq.dll is a component of Index Server/Indexing Service,
the service would not need to be running in order for an attacker to exploit
the vulnerability. As long as the script mapping for .idq or .ida files were
present, and the attacker were able to establish a web session, he could exploit
the vulnerability.

James was talking about IIS, not the Indexing Service. If IIS is not running,
you are not vulnerable.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net
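The bulletin passage quoted above says the .ida/.idq script mapping is reachable as soon as IIS will accept a web session, whether or not Indexing Service runs. The following is an added example, not code from the post or from Microsoft, that flags such requests in constructed IIS W3C extended log lines; the field layout, the 240-character "long query" threshold and the sample lines are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in IIS W3C extended log format (not from the post).
# Assumed field order: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-08-09 14:02:11 192.0.2.10 GET /index.htm - 200",
    "2001-08-09 14:02:15 192.0.2.44 GET /default.ida " + "X" * 300 + " 200",
    "2001-08-09 14:03:01 192.0.2.77 GET /search.idq CiRestriction=report 200",
    "2001-08-09 14:03:40 192.0.2.44 GET /scripts/probe.idq - 404",
])

# Extensions mapped to the idq.dll ISAPI extension named in MS01-033.
ISAPI_EXTENSIONS = (".ida", ".idq")
# Assumed threshold for an unusually long query string (example value, not from the bulletin).
LONG_QUERY = 240
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\d+)$")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one W3C line; directive (#...) and malformed lines yield None."""
    m = LINE_RE.match(line)
    if line.startswith("#") or not m:
        return None
    date, time, ip, method, stem, query, status = m.groups()
    return {"date": date, "time": time, "ip": ip, "method": method,
            "stem": stem, "query": "" if query == "-" else query,
            "status": status}


def flag_idq_requests(log_text: str) -> List[Dict[str, str]]:
    """Return every request whose URI stem hits the .ida/.idq mapping.

    Per the bulletin, the handler runs before any indexing work, so the
    status code is not used to discard hits; an over-long query string is
    marked separately as the thing worth a closer look.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["stem"].lower().endswith(ISAPI_EXTENSIONS):
            continue
        rec["long_query"] = str(len(rec["query"]) >= LONG_QUERY)
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for h in flag_idq_requests(SAMPLE_LOG):
        print(h["ip"], h["stem"], h["status"], "long_query=" + h["long_query"])
```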

