Re: Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000
- Subject: Re: Security bugs in interactions between IE 5.x, IIS 5.0 and Exchange 2000
- From: Tim Hollebeek <thollebeek@CIGITAL.COM>
- Date: Fri, 30 Mar 2001 12:32:01 -0500
- Approved-By: aleph1@SECURITYFOCUS.COM
- Delivered-To: bugtraq@lists.securityfocus.com
- Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
- Reply-To: Tim Hollebeek <thollebeek@CIGITAL.COM>
- Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
> If Guninski is right, and there is a bug involving the Microsoft OLE
> DB Provider for Internet Publishing that allows malicious websites
> to execute queries into sites local to the vulnerable user under that
> user's context then it's more than likely that some of those local
> sites indeed don't request any kind of authentication or then
> authenticate the user automatically using NT Challenge/Response. And
> that would mean clear access past any firewalls into the
> local intranet.
> Sure, you have to know the site names but that's what social
> engineering is for.
Or simply guess that it is something common like "mail", "intranet" or
"exchange". Since the attacker has the ability to access the resource
programmatically, testing a set of plausible names until the correct one is
found is possible, and may even have a very high probability of success.
Tim Hollebeek
Research Scientist
Cigital Labs