> Bwt, you can simply turn our Internet-based test into an intranet or local > test by > copying the files to your local share or a folder on your computer and > double-click > the .wab file from there. The usual caution with runnning code from unknown > sources > applies, of course.
I did better, I wrote my own test, which just like your test, it failed proving the vulnerability. The only difference was that I knew what was going wrong and tried to get it to work in all ways possible; it only seemed to work when the right possible wasn't anywhere near the running executable (or system directories). Unless the whole point of the vulnerability was to exploit non-existent dlls?? > Can you please send the Process Monitor log for this case? We'll be happy to > look > into your case. Sure, fine by me. Regards, Chris. On Thu, Sep 9, 2010 at 12:32 PM, Mitja Kolsek <mitja.kol...@acrossecurity.com> wrote: > Hi Chris, > >> Considering Acros highlighted how their POC was highly >> unstable (they've frequently advised to try the program >> several times to get it to work) I don't see such abnormal >> behaviour out of this world. > > Indeed, we're seeing problems with accessing (any) remote WebDAV shares from > various > Windows computers, while it works just great on others. Based on network > monitoring, > it doesn't seem to be the problem with the server though, but rather with > occasionaly > unreliable support for WebDAV folders in Windows. We're looking for possible > causes > and especially for workarounds that could improve the reliability. > > We'll appreciate your feedback - tell us how it worked or didn't work for > you. It's a > chance for us all to learn something new. > > Bwt, you can simply turn our Internet-based test into an intranet or local > test by > copying the files to your local share or a folder on your computer and > double-click > the .wab file from there. The usual caution with runnning code from unknown > sources > applies, of course. > >> One last thing, rather than just running a random POC I've >> actually looked into what's going on, via Process Monitor, >> and as far as it's concerned, it always loaded the correct >> (ie, the original) dlls. > > Can you please send the Process Monitor log for this case? We'll be happy to > look > into your case. > > Cheers, > > Mitja Kolsek > CEO&CTO > > ACROS, d.o.o. > Makedonska ulica 113 > SI - 2000 Maribor, Slovenia > tel: +386 2 3000 280 > fax: +386 2 3000 282 > web: http://www.acrossecurity.com > > ACROS Security: Finding Your Digital Vulnerabilities Before Others Do > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/