* replace my later "possible" with "dll" (to hell with distractions!)
Cheers,
Chris.

On Thu, Sep 9, 2010 at 12:52 PM, Christian Sciberras <uuf6...@gmail.com> wrote:
>> Btw, you can simply turn our Internet-based test into an intranet or local test by
>> copying the files to your local share or a folder on your computer and double-click
>> the .wab file from there. The usual caution with running code from unknown sources
>> applies, of course.
>
> I did better, I wrote my own test, which just like your test, it
> failed proving the vulnerability.
> The only difference was that I knew what was going wrong and tried to
> get it to work in all ways possible;
> it only seemed to work when the right possible wasn't anywhere near
> the running executable (or system directories).
>
> Unless the whole point of the vulnerability was to exploit non-existent dlls??
>
>> Can you please send the Process Monitor log for this case? We'll be happy to look
>> into your case.
>
> Sure, fine by me.
>
>
> Regards,
> Chris.
>
>
>
> On Thu, Sep 9, 2010 at 12:32 PM, Mitja Kolsek
> <mitja.kol...@acrossecurity.com> wrote:
>> Hi Chris,
>>
>>> Considering Acros highlighted how their POC was highly
>>> unstable (they've frequently advised to try the program
>>> several times to get it to work) I don't see such abnormal
>>> behaviour out of this world.
>>
>> Indeed, we're seeing problems with accessing (any) remote WebDAV shares from various
>> Windows computers, while it works just great on others. Based on network monitoring,
>> it doesn't seem to be the problem with the server though, but rather with occasionally
>> unreliable support for WebDAV folders in Windows. We're looking for possible causes
>> and especially for workarounds that could improve the reliability.
>>
>> We'll appreciate your feedback - tell us how it worked or didn't work for you. It's a
>> chance for us all to learn something new.
>>
>> Btw, you can simply turn our Internet-based test into an intranet or local test by
>> copying the files to your local share or a folder on your computer and double-click
>> the .wab file from there. The usual caution with running code from unknown sources
>> applies, of course.
>>
>>> One last thing, rather than just running a random POC I've
>>> actually looked into what's going on, via Process Monitor,
>>> and as far as it's concerned, it always loaded the correct
>>> (ie, the original) dlls.
>>
>> Can you please send the Process Monitor log for this case? We'll be happy to look
>> into your case.
>>
>> Cheers,
>>
>> Mitja Kolsek
>> CEO&CTO
>>
>> ACROS, d.o.o.
>> Makedonska ulica 113
>> SI - 2000 Maribor, Slovenia
>> tel: +386 2 3000 280
>> fax: +386 2 3000 282
>> web: http://www.acrossecurity.com
>>
>> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
>>
>>
>>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/