And must be able to register an account on the site. Not as hard as you might imagine for some websites...
* * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Thu, Jan 5, 2012 at 9:35 AM, David Lum <[email protected]> wrote: > Confusing: “The most severe of these vulnerabilities could allow elevation > of privilege if an unauthenticated attacker sends a specially crafted web > request to the target site. An attacker who successfully exploited this > vulnerability could take any action in the context of an existing account > on the ASP.NET site, including executing arbitrary commands. In order to > exploit this vulnerability, an attacker must be able to register an account > on the ASP.NET site, and must know an existing user name.” > http://technet.microsoft.com/en-us/security/bulletin/ms11-100**** > > ** ** > > So…an unauthenticated attacker needs to know an existing user name?**** > > *David Lum* > Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** > > ** ** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
