BTW, someone reminded me that this looked very similar to the "MK Overrun" exploit Dildog, from The l0pht, described in their advisory from 1/14/98. I set the MKEnabled registry entry to "No", and the exploit still works. Of course I'm testing on IE 4.01 (4.72.2106.8). Just an FYI in case you thought it was just a repeat of the same old bug. It may well be a minor variation, but its not the same bug. Cheers, Russ Cooper R.C. Consulting, Inc. - NT/Internet Security http://www.ntbugtraq.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:39 PDT