Re: CR II - winME? confirmation? (Slightly OT)

From: Amer Karim (amerkat_private)
Date: Tue Aug 07 2001 - 08:03:33 PDT

Next message: lonely wolf: "Re: Code red II crashes cisco 678"

Previous message: leE: "Re: Code red II crashes cisco 678"
Next in thread: Grab Raham: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: kam: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All,

All the advisories about CR state that only IIS servers are vulnerable.
However, it’s my understanding that the unchecked buffer in idq.dll was the
source of that vulnerability.  If that’s the case, then why have the
advisories not included Win2K systems (all flavours) since idq.dll is
installed by default as part of the indexing service on all these systems –
regardless of whether they are using the service or not?  Wouldn’t that make
ANY system with the indexing service on it just as vulnerable as systems
with IIS? Am I overlooking something obvious here?

Regards,
Amer Karim
Nautilis Information Systems
e-mail: amerkat_private, mamerkat_private

Next message: lonely wolf: "Re: Code red II crashes cisco 678"
Previous message: leE: "Re: Code red II crashes cisco 678"
Next in thread: Grab Raham: "Re: CR II - winME? confirmation? (Slightly OT)"
Reply: kam: "Re: CR II - winME? confirmation? (Slightly OT)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 10:22:17 PDT