Impact: System access
Where: From local network
OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millenium
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Rodrigo Gutierrez has discovered a vulnerability in Windows and Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error, which can be triggered via Internet Explorer and Windows Explorer when connecting to a file server. This can be exploited to cause a buffer overflow by setting up a malicious share with an overly long name (about 300 bytes) containing no lower case characters.
GMail security flaw
I just discovered a rather serious security flaw in Google's GMail service, currently in beta. If I wanted, right now, I could access the mailboxes of at least a dozen people, alter their user information, send e-mail using their address and otherwise generally **** up their accounts.
I won't, of course. But if someone as essentially tech-clueless as I can do it, I rather imagine more savvy and unscrupulous parties are ready and waiting to exploit this weakness.
Further: It's not a technical flaw with the GMail system. It's a combination of poor user interaction design and a little social hacking that opens up the system to potential abuse.
More at http://www.bradlands.com/weblog/archives/2004_04.shtml#000201