RE: CR II - winME? confirmation? (Slightly OT)

From: Jonathan Rickman (jonathanat_private)
Date: Thu Aug 09 2001 - 13:05:03 PDT

    On Wed, 8 Aug 2001, Inman, Carey wrote:
    
    > Hi,
    >
    > I would like to offer a quote from MS01-033:
    >
    > "the service would not need to be running in order for an attacker to
    > exploit the vulnerability."
    >
    > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
    > bulletin/MS01-033.asp
    >
    > Carey
    
    That quote was taken out of context...
    
    The buffer overrun occurs before any indexing functionality is requested. As a
    result, even though idq.dll is a component of Index Server/Indexing Service,
    the service would not need to be running in order for an attacker to exploit
    the vulnerability. As long as the script mapping for .idq or .ida files were
    present, and the attacker were able to establish a web session, he could exploit
    the vulnerability.
    
    James was talking about IIS, not the Indexing Service. If IIS is not running,
    you are not vulnerable.
    
    -- 
    Jonathan Rickman
    X Corps Security
    http://www.xcorps.net
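
The exposure condition discussed in this message, written as a host check. This is an added example, not part of the original thread or of any Microsoft tooling. The comma-separated script-map entry layout (`extension,handler,flags,verbs`) is an assumption, and the sample entries are constructed.

```python
# Added example: decide exposure from script mappings and service state.
# Condition taken from the thread: the .ida/.idq script mapping plus a reachable
# IIS is what matters; the Indexing Service state does not.
AT_RISK_EXTENSIONS = {".ida", ".idq"}

# Constructed sample entries; the field layout is an assumption.
SAMPLE_SCRIPT_MAPS = [
    r".asp,C:\WINNT\System32\inetsrv\asp.dll,1,GET,HEAD,POST,TRACE",
    r".ida,C:\WINNT\System32\idq.dll,0,GET,HEAD,POST",
    r".idq,C:\WINNT\System32\idq.dll,0,GET,HEAD,POST",
    "garbage line without fields",
]


def parse_script_map(entry):
    """Return (extension, handler) for one entry, or None if malformed."""
    parts = [p.strip() for p in entry.split(",")]
    if len(parts) < 2 or not parts[0].startswith("."):
        return None
    return parts[0].lower(), parts[1]


def assess_exposure(script_maps, iis_running, indexing_running):
    """Return (exposed, reasons) for one host."""
    mapped = []
    for entry in script_maps:
        parsed = parse_script_map(entry)
        if parsed and parsed[0] in AT_RISK_EXTENSIONS:
            mapped.append(f"{parsed[0]} -> {parsed[1]}")
    if not iis_running:
        return False, ["IIS is not running, so no web session can reach idq.dll"]
    if not mapped:
        return False, ["no .ida/.idq script mapping present"]
    reasons = ["script mapping present: " + m for m in mapped]
    if not indexing_running:
        reasons.append("Indexing Service is stopped; this does not remove the exposure")
    return True, reasons


if __name__ == "__main__":
    # IIS up, Indexing Service stopped: the case the thread argues about.
    exposed, why = assess_exposure(SAMPLE_SCRIPT_MAPS, True, False)
    print("exposed:", exposed)
    for line in why:
        print(" -", line)
```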
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:42:03 PDT