On Wed, 12 Jan 2005 06:52:04 +0800 "Team Pwnge" <[EMAIL PROTECTED]> wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - TEAM PWN4GE Security Advisory
> PWNED- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> - - -
>
> Severity: HIGH
> Title: EXPLORER: Vulnerability in all versions of Windows
> Explorer
> Date: January 11, 2005
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> -
>
> Synopsis
> ========
>
> Multiple overflows have been found in Windows Explorer, potentially
> allowing a remote user to open Explorer and run files remotely.
>
>
> Background
> ==========
>
> Windows Explorer is an advanced browsing tool made by Microsoft. It
> is used in daily tasks to open folders, copy files, delete files,
> rename files and view files on a system. It is the foundation of the
> World Wide Web and used by billions worldwide. It runs on an array of
> machines.
>
>
> Affected versions
> =================
>
> All versions of Windows' Explorer are vulnerable
>
> Description
> ===========
>
> Shogun Suzuki discovered that a remote user can connect to any
> machine via numerous exploits and use Windows Explorer to view files,
> rename files, delete files, change permissions on files stored on a
> remote machine that has been pwned.
>
> Impact
> ======
>
> A remote attacker could install something similar to PCAnywhere
> after exploiting Windows and use Windows' Explorer to view, copy
> and or open any file on a victim's machine.
>
> Workaround
> ==========
>
> On a command prompt: del C:\WINDOWS\explorer.exe

Isn't explorer the program which "shows" you the desktop?

Just a clue: Use Open-, Net- or FreeBSD. These OSs are good enough for all normal tasks you've to do.

Real Workaround: Change the OS

There's no other way or you like to wait 5 months for a patch. You've to wait at least 4 weeks because MS doesn't provide patches just because there's something critical. Oh no.. they've their "Patch-Day". Something like a game-show but even worse because you don't get patches for all holes even if you did everything right.

> License
> =======
>
> Copyright 2005 TEAM PWN4GE
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.

Mails are FREE... But sometimes Linux-Users need licenses for everything...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
