Computer Security

Security Advisory: Re: BrownOrifice can break firewalls! NOW MSIE
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Дырка в реализации JAVA в Netscape (BOHTTPD)

  Security Bulletin (MS00-059)

  JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)

  Internet Security Systems Security Alert: Brown Orifice, BOHTTPD, a Platform Independent Java Vulnerability in Netscape

From:Alexey Yarovinsky <ayarovin_(at)_OLTRES.COM>
Date:22.08.2000
Subject:Re: BrownOrifice can break firewalls! NOW MSIE

Hi,

The same security hole, exists in MSIE too, with one restriction: url can't
start with file:. But still the applet from outside site, can access you
intranet servers including ftps and ALL sites you have access to. The
demonstration of the bug is here:

http://www.oltres.com/ms-bug/

Thanx, Alexey.

PS: The applet was tested on WinNT 4.0sp5 with Internet Explorer both 5 and 5.5
versions.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru