"running" or "installed"? It is my understanding that the vulnerability exists if the files and mapping are there no matter the process state of the IIS server. Is my understanding incorrect? Jim kam wrote: > > Without IIS running, an attacker has no means of exploiting the vulnerable > file. With no access to the file, the vulnerability does not exist. If > they're running IIS, then there is a hole which they can exploit. Even > though it comes installed by default on 2000, it's not a risk until you turn > on your web services. > > kam > > ----- Original Message ----- > From: "Amer Karim" <amerkat_private> > To: "VULN-DEV List" <VULN-DEVat_private> > Sent: Tuesday, August 07, 2001 10:03 AM > Subject: Re: CR II - winME? confirmation? (Slightly OT) > > > Hi All, > > > > All the advisories about CR state that only IIS servers are vulnerable. > > However, it's my understanding that the unchecked buffer in idq.dll was > the > > source of that vulnerability. If that's the case, then why have the > > advisories not included Win2K systems (all flavours) since idq.dll is > > installed by default as part of the indexing service on all these > systems - > > regardless of whether they are using the service or not? Wouldn't that > make > > ANY system with the indexing service on it just as vulnerable as systems > > with IIS? Am I overlooking something obvious here? > > > > Regards, > > Amer Karim > > Nautilis Information Systems > > e-mail: amerkat_private, mamerkat_private > > > > > > -- James W. Meritt, CISSP, CISA Booz, Allen & Hamilton phone: (410) 684-6566
This archive was generated by hypermail 2b30 : Wed Aug 08 2001 - 10:19:40 PDT