|
|
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' : msg#00372security.bugtraq
Dear Menashe Eliezer, Sorry for asking, but it's unclear from advisory: is it possible to access reports with either: 1. ActiveX element marked safe for scripting 2. Javascript or VBscript from "Internet" security zone Examples you give for scripting will only run in local host content, so this problem seems to be local only (default permissions for sensitive files) with minimal impact, because analysis of security policy, registry and file permissions can (mostly) be done by local user with unprivileged account. In this case risk is low. --Thursday, April 25, 2002, 5:06:32 AM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: ME> Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) ME> Finjan Software Security Advisory ME> URL: http://www.finjan.com/mcrc/alert_show.cfm?attack_release_id=71 ME> April 24, 2002 ME> Risk: Medium ME> ------------- -- ~/ZARAZA ×åëîâåê ýòî òàéíà... ÿ çàíèìàþñü ýòîé òàéíîé ÷òîáû áûòü ÷åëîâåêîì. (Äîñòîåâñêèé) |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies: 00372, trial |
|---|---|
| Next by Date: | [RHSA-2002:072-07] Updated sudo packages are available: 00372, bugzilla |
| Previous by Thread: | Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)i: 00372, Menashe Eliezer |
| Next by Thread: | RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list): 00372, Menashe Eliezer |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |