Tiny3 vs Winhelp32 Bof

From: Brett Moore (brettat_private)
Date: Sun Aug 18 2002 - 19:14:02 PDT

Next message: Ulf Harnhammar: "Lynx CRLF Injection"

Previous message: nCipher Support: "nCipher Advisory #5: C_Verify validates incorrect symmetric signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

No so much a bug, more an issue of another default installation setup.

After writing an exploit for the winhelp32, I tested on a pc that had
Tiny 2 installed. As I expected Tiny stopped the outbound connection.

Testing on a Tiny 3 version had no warnings of the outbound connection.

Upon investigation it was found that winhelp32.exe is by default a 
harmless application and therefore has full access no rules.

harmless application? Ever seen one of those?

Next message: Ulf Harnhammar: "Lynx CRLF Injection"
Previous message: nCipher Support: "nCipher Advisory #5: C_Verify validates incorrect symmetric signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 12:06:57 PDT