('binary' encoding is not supported, stored as-is) Hello! I believe this vulnerability can be exploited remotely because a browser like IE can remotely be redirected to the UNC path or made to open a file in a UNC path: The following pieces of code can be in a HTML page on the web or in a HTML email/newsgroup message: <IFRAME src="\\ip\sharename\......."></IFRAME> or <IMG src="\\ip\sharename\......."> or <SCRIPT src="\\ip\sharename\......."></SCRIPT> ...etc... Any user that visits the page or reads the message will locally try to open the page, and thus allow the vulnerability to be exploited. TO NSFOCUS: I have tried to reproduce the bug on my win 2000 system using the above tags in a HTML page in IE 6.0 but all I got was a 'invalid pointer' error. Also, I have tried to reply to you directly but the email bounced. Please give me some more information on how to produce the bug so I can do some testing on the remote exploit or test the scenario explain above yourself. Kinds regards, Berend-Jan Wever (I am replying this late because I'm having trouble posting to bugtraq through email and finally gave up and did it online at the site.)
This archive was generated by hypermail 2b30 : Fri Apr 19 2002 - 15:01:25 PDT