XP SP3
>>
>> The quote that stands out most for me:
>> <snip>
>> During the Q&A, however, Windows users repeatedly asked Microsoft's
>> security team to explain why it wasn't patching XP, or if, in certain
>> scenarios, their machines might be at risk. "We still use Windows XP
>> and we do not use Windows Firewall," read one of the user questions.
>> "We use a third-party vendor firewall product. Even assuming that we
>> use the Windows Firewall, if there are services listening, such as
>> remote desktop, wouldn't then Windows XP be vulnerable to this?"
>>
text/plain. If the deployment manifest is opened (i.e. using Windows
Explorer), the warning is shown.
Permissions in the Local Machine security zone
Prior to Windows XP Service Pack 2 if a web page was loaded in the Local
Machine security zone, it was granted full privileges. For example, it
could read local files or worse invoke an unsafe ActiveX control and
gain full control of the target machine. In Service Pack 2, Microsoft
introduced the Local Machine Zone Lockdown that greatly reduced the
privileges of web pages running in the Local Machine zone. With
>
> The quote that stands out most for me:
> <snip>
> During the Q&A, however, Windows users repeatedly asked Microsoft's
> security team to explain why it wasn't patching XP, or if, in certain
> scenarios, their machines might be at risk. "We still use Windows XP
> and we do not use Windows Firewall," read one of the user questions.
> "We use a third-party vendor firewall product. Even assuming that we
> use the Windows Firewall, if there are services listening, such as
> remote
* example :
* ##########################################################################################
# Coded By SimO-s0fT #
* # 0 [*]Microsoft Windows Trust SP3 (Frensh):ESP #
* # 1 [*]Microsoft Windows Trust SP2 (Frensh):ESP #
* # 2 [*]Microsoft Windows XP SP3 (Frensh) : ESP #
* # 3 [*]Microsoft Windows XP SP2 (Frensh) : ESP #
* # USAGE : #
* # exploit1.exe file.rml platform #
* # more information contact me { Maroc-anti-connexion[at]hotmail[dot]com } #
* # failed...: No such file or directory #
The quote that stands out most for me:
<snip>
During the Q&A, however, Windows users repeatedly asked Microsoft's
security team to explain why it wasn't patching XP, or if, in certain
scenarios, their machines might be at risk. "We still use Windows XP and
we do not use Windows Firewall," read one of the user questions. "We use
a third-party vendor firewall product. Even assuming that we use the
Windows Firewall, if there are services listening, such as remote
desktop, wouldn't then Windows XP be vulnerable to this?"
> >> The quote that stands out most for me:
> >> <snip>
> >> During the Q&A, however, Windows users repeatedly asked Microsoft's
> >> security team to explain why it wasn't patching XP, or if, in certain
> >> scenarios, their machines might be at risk. "We still use Windows XP
> >> and we do not use Windows Firewall," read one of the user questions.
> >> "We use a third-party vendor firewall product. Even assuming that we
> >> use the Windows Firewall, if there are services listening, such as
> >> remote desktop, wouldn't then Windows XP be vulnerable to this?"
> >>
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: None
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50 running XPL earlier than 03.10.040 on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux
BACKGROUND
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
. Windows 7
. Windows Vista
. Windows Server 2008 R2
. Windows Server 2008
. Microsoft Windows XP
. Microsoft Windows Server 2003
5. *Non-vulnerable packages*
> To: bugtraq@securityfocus.com
> Subject: Tests about semicolon zero-day (BID 37460)
>
> Tests about semicolon zero-day (BID 37460)
>
> Tests in Windows XP SP3 and IIS 5.1
> The results are:
> 18:21:18 172.16.5.79 GET /t.asp;.jpg 200
> The file was found, but not interpreted! IIS prints the asp source code on
> screen.
>
The installer OPPro16_TD.exe (a self-extracting RAR archive) was
published "Tue, 30 Jun 2009 14:38:28 GMT" (according to its HTTP
time stamp), unpacking reveals a BUILD.ID "OP-0861-035-7563.1134"
with time stamp "Tue, 17 Jun 2008 09:51:32".
After installation on a fully patched Windows XP with Service Pack 3
the following vulnerable Microsoft runtime libraries are found:
1. %SystemRoot%\SYSTEM32\GDIPLUS.DLL 5.1.3097 2001-06-15 21:00
GDIPLUS.DLL has been patched several times since 2001, see
entomology@recurity-labs.com
Date: 09.09.2009
________________________________________________________________________
Vendor: Microsoft Corporation
Product: Microsoft Windows XP/Vista TCP/IP-Stack
Vulnerability: TCP/IP Orphaned Connections Vulnerability
Affected Releases: Windows Vista Business SP1/ Windows XP SP3
Severity: Moderate
CVE: CVE-2009-1926
________________________________________________________________________
------------------------------------------------------------------------
Tested version
------------------------------------------------------------------------
This issue was tested on Akamai Download Manager version 2.2.4.8 using
Windows XP SP3 running Internet Explorer 6, 7 & 8 and Windows Vista
running Internet Explorer 8.
------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
. Windows Server 2008 R2 for x64-based Systems SP1
5. *Non-vulnerable packages*
. Windows XP SP3
. Windows XP Professional x64 Edition SP2
. Windows Server 2003 SP2
. Windows Server 2003 x64 Edition SP2
. Windows Server 2003 with SP2 for Itanium-based Systems
. Windows Vista SP1 and Windows Vista SP2
neighbourhood cache.
Affected products
-----------------
- Microsoft Windows XP, Server 2003 and earlier versions are affected
- Microsoft Windows Vista and 7 are affected by a variant of this vulnerability.
A race condition in the second negotiation transaction can cause a remote denial
of service. See Microsoft advisory for more details:
- http://go.microsoft.com/fwlink/?LinkId=178850
# Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 Local Kernel Mode D.O.S Exploit
# Date: 2011-1-16
# Author: MJ0011
# Version: KingSoft AntiVirus 2011 SP5.2 with KisKrnl.sys <=2011.1.13.89
# Tested on: Windows XP SP3
DETAILS:
KisKrnl.sys hooks the kernel function KiFastCallEntry, but does not correctly handle the user stack pointer
>>>>> security team to explain why it wasn't patching XP, or if, in certain
>>>>> scenarios, their machines might be at risk. "We still use Windows XP
>>>>> and we do not use Windows Firewall," read one of the user questions.
>>>>> "We use a third-party vendor firewall product. Even assuming that we
>>>>> use the Windows Firewall, if there are services listening, such as
Tests about semicolon zero-day (BID 37460)
Tests in Windows XP SP3 and IIS 5.1
The results are:
18:21:18 172.16.5.79 GET /t.asp;.jpg 200
The file was found, but not interpreted! IIS prints the asp source code on screen.
Testing in 2003 Server IIS 6.0 SP 2 works perfect! the .jpg is
interpreted as .asp
2009-12-28 18:56:37 W3SVC1 172.16.5.79 GET /t.asp;.jpg - 80 -
--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
SK> Windows Update (as well as Microsoft Update and the Automatic Update)
SK> installs an outdated (and from its manufacturer unsupported) Flash
SK> Player ActiveX control on Windows XP.
SK> Although this fact is nothing really new it but shows the lack of taking
SK> care for security problems and in general the chuzpe of many software
SK> "producers" to ship their "products" with outdated and often vulnerable
Platform: Windows ALL
Bug: Remote Integer Overflow
Tested against: WMP 9, 10, 11, vista sp1, windows 7(from the HEC leak), windows XP sp3
Merry-Christmas to all ;)
----------------------------------------------------------------------------------------
1) Introduction
#[+] Bug : EesySec Personal Firewall Remote Buffer Overflow Exploit
#[+] program Download : http://www.effectmatrix.com/easysec/
#[+] Author : the_Edit0r
#[+] Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3
#[+] web site: Expl0iters.ir * Anti-security.ir
#[+] Big thnx: H4ckcity Member
use IO::Socket;
if(@ARGV < 2){
print q(
machine) to plant a malicious executable with a specific name on the local
drive and wait for this executable to get launched when another user logs
on to the virtual machine.
While this scenario is usually blocked on default VMware Tools'
installations on Windows XP, Windows Vista and Windows 7 due to the
default file system ACLs, a non-administrative local attacker can launch
the attack against virtual machines where VMware Tools were installed on
non-default locations, e.g., on a non-system drive. Additionally, the
attack is always possible on pre- Windows XP systems such as Windows 2000.
----------------------------------------------------------------
<form name="ret">
<input type=radio name="os" value="%u4141%u4141">
DoS<br>
<input type=radio name="os" value="%uaf0a%u77d5">
Windows XP SP2 German<br>
<input type=radio name="os" value="%u30D7%u7E68">
Windows XP SP3 German<br>
<input type=button name="Submit" VALUE="Exploit">
</form>
<img src="http://sotiriu.de/images/logo_wh_80.png">
[ NO RESULTS ]
--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<-
PHP 5.3.0 Windows XP (WampServer 2.0i install)
C:\PHPFS_MAD2> php alfi_fuzzer.php
! Valid chars are: \x20 ( ), \x22 ("), \x2E (.), \x3C (<), \x3E (>)
! Valid strings are all combinations of the above chars.
Windows Update (as well as Microsoft Update and the Automatic Update)
installs an outdated (and from its manufacturer unsupported) Flash
Player ActiveX control on Windows XP.
Although this fact is nothing really new it but shows the lack of taking
care for security problems and in general the chuzpe of many software
"producers" to ship their "products" with outdated and often vulnerable
components.
(x.0)
'=.|w|.='
_='`"``=.
Microsoft Help Files (.CHM): 'Locked File' Bypass
Versions Affected: Windows XP, Windows Vista, Windows 7
pdf: http://www.security-assessment.com/files/advisories/Windows_Locked_HelpFiles.pdf
+-----------+
|Description|
>>>>>>> certain
>>>>>>> scenarios, their machines might be at risk. "We still use Windows XP
>>>>>>> and we do not use Windows Firewall," read one of the user questions.
transferring local audio and video information to remote and so on.
Affected Software Versions:
Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP
and Windows Server 2003
>
>--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
>
>SK> Windows Update (as well as Microsoft Update and the Automatic Update)
>SK> installs an outdated (and from its manufacturer unsupported) Flash
>SK> Player ActiveX control on Windows XP.
>
>
>SK> Although this fact is nothing really new it but shows the lack of taking
>SK> care for security problems and in general the chuzpe of many software
>SK> "producers" to ship their "products" with outdated and often vulnerable
>>>>> certain
>>>>> scenarios, their machines might be at risk. "We still use Windows XP
>>>>> and we do not use Windows Firewall," read one of the user questions.