Jump to content
SAU Community

Recommended Posts

Another one here for a whole lot of characters appearing when clicking on an image.

Also noticed when i first logged in today this site wanted to install an Active X control, some Microsoft Data something or other. I didnt install it as i didnt see a notice to say that it was okay to run on the bulletin board.

Some of the fonts are showing up larger than they usually do aswell

Are these related?

I still can't upload images into private messages.

I browse, double click and the image name appears but when I ckick on add attachment it goes to a blank page rather than show the attachment in the pm.

Anyone else have this problem or have I picked up a virus or something?

i stil cant upload, and now i cant even login to msn.. that dsb.exe must have infected my pc, and now i feel like taking SAU to court.. :\

lol, if you read the conditions when you join the site there is a bit in there about SAU not being liable for such actions as you should have adequate protection.

lol, if you read the conditions when you join the site there is a bit in there about SAU not being liable for such actions as you should have adequate protection.

im just mucking around, relax.. but i suggest u get someone to fix this crap.. the exploit is still there..

We realise there is an issue.

Its a lot harder to fix something than you realise because there are limited people with access.

And the people with access are busy, they have thier own personal lives as SAU Admins/Mods are unpaid...

If your own PC is correctly protected then you wont have an issue.

Please be patient. Constantly posting about the fact it isnt fixed, simply is not going to help the issue especially when your not even a donor :D

For the exploit to work it *needs* Microsoft XML Core Services to be installed. Microsoft XML Core Services are not installed by default on Windows XP, but there seems to be a lot of packages using it, Visual Studio appears to be one common one. You can check in the Add or Remove Programs applet if you have it installed.

> The exploit works in both IE6 and IE7, which makes sense since it's exploiting a vulnerability in an ActiveX object, not in the browser itself. When executed the exploit creates an MSXML 4.0 ActiveX object (88d969c5-f192-11d4-a65f-0040963251e5). It then uses multiple setRequestHeader() method calls to execute shellcode which is included with the exploit. Once executed the shellcode (of course) first downloads the first stage downloader. At the moment it's a file called tester.dat:

16ac9982d177a47a20c4717183493e95 tester.dat

This downloader then downloads subsequent files (yet to be analysed). It looks like some AV vendors are beggining to detect the exploit. At this moment it is being detected by McAfee as Exploit-XMLCoreSrvcs and Symantec as Bloodhound.Exploit.96*. Microsoft also detects it as Exploit:HTML/Xmlreq.A. The best protection, is to prevent the XMLHTTP 4.0 ActiveX Control from running in Internet Explorer, as stated in Microsoft's advisory: http://www.microsoft.com/technet/security/...ory/927892.mspx ."

* http://www.symantec.com/security_response/...-110611-5730-99

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Similar Content

  • Latest Posts

    • Hi all,   long time listener, first time caller   i was wondering if anyone can help me identify a transistor on the climate control unit board that decided to fry itself   I've circled it in the attached photo   any help would be appreciated
    • I mean, I got two VASS engineers to refuse to cert my own coilovers stating those very laws. Appendix B makes it pretty clear what it considers 'Variable Suspension' to be. In my lived experience they can't certify something that isn't actually in the list as something that requires certification. In the VASS engineering checklist they have to complete (LS3/NCOP11) and sign on there is nothing there. All the references inside NCOP11 state that if it's variable by the driver that height needs to maintain 100mm while the car is in motion. It states the car is lowered lowering blocks and other types of things are acceptable. Dialling out a shock is about as 'user adjustable' as changing any other suspension component lol. I wanted to have it signed off to dissuade HWP and RWC testers to state the suspension is legal to avoid having this discussion with them. The real problem is that Police and RWC/Pink/Blue slip people will say it needs engineering, and the engineers will state it doesn't need engineering. It is hugely irritating when aforementioned people get all "i know the rules mate feck off" when they don't, and the actual engineers are pleasant as all hell and do know the rules. Cars failing RWC for things that aren't listed in the RWC requirements is another thing here entirely!
    • I don't. I mean, mine's not a GTR, but it is a 32 with a lot of GTR stuff on it. But regardless, I typically buy from local suppliers. Getting stuff from Japan is seldom worth the pain. Buying from RHDJapan usually ends up in the final total of your basket being about double what you thought it would be, after all the bullshit fees and such are added on.
    • The hydrocarbon component of E10 can be shittier, and is in fact, shittier, than that used in normal 91RON fuel. That's because the octane boost provided by the ethanol allows them to use stuff that doesn't make the grade without the help. The 1c/L saving typically available on E10 is going to be massively overridden by the increased consumption caused by the ethanol and the crappier HC (ie the HCs will be less dense, meaning that there will definitely be less energy per unit volume than for more dense HCs). That is one of the reasons why P98 will return better fuel consumption than 91 does, even with the ignition timing completely fixed. There is more energy per unit volume because the HCs used in 98 are higher density than in the lawnmower fuel.
    • No, I'd suggest that that is the checklist for pneumatic/hydraulic adjustable systems. I would say, based on my years of reading and complying with Australian Standards and similar regulations, that the narrow interpretation of Clause 3.2 b would be the preferred/expected/intended one, by the author, and those using the standard. Wishful thinking need not apply.
×
×
  • Create New...