[26718] in bugtraq
Tiny3 vs Winhelp32 Bof
daemon@ATHENA.MIT.EDU (Brett Moore)
Mon Aug 19 15:07:26 2002
From: "Brett Moore" <brett@softwarecreations.co.nz>
To: <bugtraq@securityfocus.com>
Date: Mon, 19 Aug 2002 14:14:02 +1200
Message-ID: <001701c24726$15ea4840$6301a8c0@visp.visp>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
No so much a bug, more an issue of another default installation setup.
After writing an exploit for the winhelp32, I tested on a pc that had
Tiny 2 installed. As I expected Tiny stopped the outbound connection.
Testing on a Tiny 3 version had no warnings of the outbound connection.
Upon investigation it was found that winhelp32.exe is by default a
harmless application and therefore has full access no rules.
harmless application? Ever seen one of those?
