Vulnwatch mailing list archives
xp sp2 weaknesses
From: "Richie B." <richie () NO-SPAM-HERE com>
Date: Wed, 18 Aug 2004 10:20:53 +0200
I haven't seen this report here yet. Flaws in SP2 security features ============================== 1) The command shell cmd.exe ignores the ZoneID of files. 2) Windows Explorer caches the result of ZoneID lookups. If a file is overwritten, Explorer does not properly update this cached information to reflect the new ZoneID. This allows spoofing of trusted or non-existant ZoneIDs by overwriting files with trusted or non-existent ZoneIDs. URL: http://www.heise.de/security/artikel/50051 Cheers, Richie
Current thread:
- xp sp2 weaknesses Richie B. (Aug 18)
- Re: xp sp2 weaknesses hellNbak (Aug 18)