[24712] in bugtraq
RE: MSIE vulnerability exploitable with IncrediMail
daemon@ATHENA.MIT.EDU (Eric Detoisien)
Sat Mar 16 11:35:42 2002
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Sat, 16 Mar 2002 01:53:47 +0100
Message-ID: <F785777028C3E548A6B34A75A281A9350170ED@dex01001.GLOBAL.ASP>
From: "Eric Detoisien" <eric.detoisien@global-secure.fr>
To: "Thor Larholm" <Thor@jubii.dk>
Cc: <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
>Isn't {42D00B20-479C-11d4-9706-00105A40931C} a GUID for your user account,
>and as such unknown from time to time, making the proposed exploit
>unfeasable ?
It's a clsid and the number {42D00B20-479C-11d4-9706-00105A40931C} is the same
on default installation of IncrediMail Xe (tested on W2K and W98).
Eric DETOISIEN
GLOBAL SECURE
Web : http://www.global-secure.fr
