Would it be possible to use a dictionary type method in conjunction with
this exploit?

C:\Documents and Settings\<possible user names>\my documents\<possible file names>

- Sean

On Thu, Feb 4, 2010 at 10:43 AM, Carl Houseman <[email protected]> wrote:

>  That's a well known folder, not a well known file.  Exposure of folder
> contents does not appear to be included in this flaw.
>
>
>
> Again, name a well known *data file* (a specific file that exists for
> nearly every Windows installation of that Windows version) that could lead
> to critical harm if disclosed to an attacker.
>
>
>
>
>
> *From:* Jonathan Link [mailto:[email protected]]
> *Sent:* Thursday, February 04, 2010 2:34 PM
> *To:* NT System Admin Issues
> *Subject:* Re: IE info-disclosure bug disclosed at Black Hat
>
>
>
> c:\documents and settings\<user>\My Documents
>
> c:\users\<user>\Documents
>
>
>
> Many companies, especially small companies store their data here.  Our
> users for the most part store data here for staging purposes when they are
> out in the field performing an audit.  Eventually it gets cleaned out when
> incorporated into our engagement management software.
>
>
>
>
>
> On Thu, Feb 4, 2010 at 1:42 PM, Carl Houseman <[email protected]> wrote:
>
> Secunia doesn't seem to think it's that critical, certainly not in the same
> league as system-takeover problems.
>
> Name any well known data file on my computer that would cause me "super
> critical" harm if disclosed.  Don't bother with the local SAM, they can have
> it, since there's no remote access via a local account.
>
> Carl
>
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Thursday, February 04, 2010 12:29 PM
> To: NT System Admin Issues
> Subject: Re: IE info-disclosure bug disclosed at Black Hat
>
> Super critical, because paths to many well-known data files are always the
> same.
>
> On Thu, Feb 4, 2010 at 09:10, Carl Houseman <[email protected]> wrote:
> > It's not IE6, it's any version of IE that's not in "protected mode" (so, any
> > version of IE on XP, and/or an elevated or UAC-disabled IE under Vista/7).
> >
> > Seems not that super-critical since exploit must know a complete path to a
> > specific file that's going to be revealed.
> >
> > Carl
> >
> > -----Original Message-----
> > From: Angus Scott-Fleming [mailto:[email protected]]
> > Sent: Thursday, February 04, 2010 11:57 AM
> > To: NT System Admin Issues
> > Subject: IE info-disclosure bug disclosed at Black Hat
> >
>
> > MSRC bulletin released, MS Security Advisory released, ZDNet Zero-Day has a
> > story.
> >
> >    An information-leakage problem in Internet Explorer has been disclosed at
> >    this week's Black Hat conference.  It seems that if you use Internet
> >    Explorer to surf the Internet, the Bad Guys can now read ANY FILE on your
> >    hard drive.  Details and info on a Microsoft-issued "FixIt" solution are
> >    in the latest blog entry at http://geoapps.blogspot.com/ -- so if you use
> >    IE, especially IE6, please go read up on this and get patching.
> >
> >
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> >
