I don't think you were reading the advisories properly... ;) MSDE (Microsoft SQL Server Desktop Edition) was vulnerable, which many products use, including Office, Visual Studio .NET, etc. Just to refresh your memory, here's a list of products that contain MSDE
http://www.sqlsecurity.com/forum/applicationslistgridall.aspx So, it is not a corner-case at all, not even in the slightest bit. VPNs are common enough these days, so the chances of someone VPNing into a network with an infected or infectable computer is actually pretty high. In the same vein, it looks like if a worm is released, it will most probably be easily transferable into any corporate domain that has VPNs as well, since every un-patched Windows is vulnerable. jb On Sun, 27 Jul 2003 00:41:22 -0700 (PDT) Nathan Seven ([EMAIL PROTECTED]) wrote: >--- Paul Schmehl <[EMAIL PROTECTED]> wrote: >> >> Are you really serious? Recall Slammer? There were >> networks that were >> locked down pretty tight. Slammer couldn't get in, >> right? Then one >> developer who got his unpatched copy of SQL inside >> the network, by >> logging in through VPN with his infected laptop, >> took the entire network >> down. > >Are *you* serious? > >Running MSSQL server on my laptop that I also use to >VPN in is IMO a pretty fucking corner-case... > >===== >-- >live- http://www.thedenofsin.org/ >to- AIM: IMFDUP >penetrate- http://eAnger.org/ >_may the bitches set you free_ >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________________________________ LOOK GOOD, FEEL GOOD - WWW.HEALTHIEST.CO.ZA Cool Connection, Cool Price, Internet Access for R59 monthly @ WebMail http://www.webmail.co.za/dialup/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
