[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
- To: "KF" <dotslash@snosoft.com>
- Subject: Re: [Full-Disclosure] GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
- From: "morning_wood" <se_cur_ity@hotmail.com>
- Date: Sun, 15 Feb 2004 19:23:06 -0800
> please enlighten us on your versions numbers / patch levels wood.
> -KF
>
>
> morning_wood wrote:
> > Dunno but your message crashes OE on (pre)view.
> > no warning, no nothin... OE just *bink* closes
> > NICE JOB gta@hush.com.
> >
Symtoms were reported using the following:
Windows XP Pro ( Gold SP0 )
OE Version = 6.00.2600.0000(xpclient 010817-1148)
dll's not matching version sig:
csapi3t1.dll <unknown>
mshtml.dll 6.00.2734.1600
msoe.dll 6.00.2720.3000
msoeacct.dll 6.00.2800.1123
msoert2.dll 6.00.2800.1123
ole32.dll 5.1.2600.115(xpclient_qfe.021108-2107
riched20.dll 5.30.23.1210
riched32.dll 5.1.2600.0(xpclient 010817-1148)
wab32.dll <unknown>
wab32res.dll <unknown>
note: I was forced to go to hotmail via the web interface,
and manualy delete the message to restore function.
further, my "Security" tab in options is set to "Internet Zone"
( less secure ) on the account in question.
One more note of observance in OE6, each account can be independantly
set for "security" zones even in a single user machine. I now check
"security" settings on every account per machine ( not user login ) ,
however I have not noted if the settings are inherited from the current
IE security settings at the time of account creation ( but would explain
my different settings accross 6 accounts on a single usder box ).
Donnie Werner
http://exploitlabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html