hacking security forum

Re: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)

From: Eric Paynter <eric@arcticbears.com>
Date: Fri Jul 09 2004 - 12:26:23 EDT

On Fri, July 9, 2004 7:43 am, http-equiv@excite.com said:
> There are lots of little .tmp files generated and accessible
> remotely to be had, Adobe *.pdf's and a vast array of Microsoft
> Office 2003 crud to name just two. Many others which have been
> identified and discussed in the past as well.

I think:

mount /dev/xxxx /tmp -o noexec

would reduce the risk significantly. Can you do something equivalent in
Windows?

-Eric

--
arctic bears - affordable custom email and name services
http://www.arcticbears.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Fri Jul 09 12:56:16 2004

This archive was generated by hypermail 2.1.8 : Fri Jul 09 2004 - 13:02:59 EDT