All, Has anyone tested this to determine if this exploit (http://online.securityfocus.com/archive/1/289268 ) will insert the whole file or just it's contents. To be more specific, would it be possible to use this exploit to get an end user to send you a copy of their PWL or SAM file (from repair directory)? From the information I have seen, it is unclear as to exactly how the content is attached to the malicious document, whether it is only including a copy of the actual text or of it is treating the file as an attachment. I plan to test this next week (hopefully) but thought I'd check to see if any of you have beaten me the punch. Thanks, Brandon
This archive was generated by hypermail 2b30 : Tue Oct 01 2002 - 17:11:24 PDT