Results 1 to 3 of 3

Thread: Another Exploit:- Universal Plug & Play and ICS

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    831

    Another Exploit:- Universal Plug & Play and ICS

    Microsoft today issued a critical recommendation
    regarding Windows, Windows XP, or ME machines that share internet
    connections with Windows 98/98SE clients.
    This is in relation to a unchecked buffer in Universal Plug & Play.


    View the technet article here
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    742

    Re: Another Exploit:- Universal Plug & Play and ICS

    Originally posted by Matty Cross
    Microsoft today issued a critical recommendation
    regarding Windows, Windows XP, or ME machines that share internet
    connections with Windows 98/98SE clients.
    This is in relation to a unchecked buffer in Universal Plug & Play.

    View the technet article here
    Thanks for great information Matty !

    Acknowledgments
    Microsoft thanks eEye Digital Security (http://www.eeye.com) for reporting this issue to us and working with us to protect customers.
    I got a newsflash from eEye describing the security flaw above. I can't quote the original text since I need their aproval and I don't have time to get their permission. But I can advice everybody to read the full article at eEye since it contains some information not provided by microsoft. You can find the article here.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    831
    Some more News...

    'WIN-XP HOLE' MISREPRESENTED | News: SecurityFocus
    The real Windows XP vulnerability, according to this commentary, has
    been misrepresented as a Universal Plug-and-Play flaw, but the real
    problem is in XP's Simple Service Discovery Protocol (SSDP) service.
    The SSDP vulnerability arises when specially formatted notify
    datagrams are created that can be used to exploit a buffer overrun to
    gain system access, or perform DoS or DDoS attacks.

    Read More
    Here
    -Matty_Cross
    \"Isn\'t sanity just a one trick pony anyway? I mean, all you get is one trick. Rational Thinking.
    But when you\'re good and crazy, hehe, the skies the limit!!\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •