Dailydave mailing list archives
Re: Vista speach recognition
From: Sebastian Krahmer <krahmer () suse de>
Date: Thu, 1 Feb 2007 11:09:38 +0100 (CET)
On Thu, 1 Feb 2007, George Ou wrote: BTW, is there a specification which actions by a binary will trigger UAC? opening sockets? executing command shell? UAC might be bypassed as well, remember all the kernel level exploits for Linux, there might be similar ones for Win. Sebastian
Rich verified it will work and you can execute code. So long as you stay in the user-realm, you won't trigger UAC which cannot be bypassed "by default" as Microsoft says. -----Original Message----- From: Sebastian Krahmer [mailto:krahmer () suse de] Sent: Thursday, February 01, 2007 1:32 AM To: George Ou Cc: dailydave () lists immunitysec com; 'Rich Mogull' Subject: RE: [Dailydave] Vista speach recognition On Wed, 31 Jan 2007, George Ou wrote: So we do not know yet whether dl'ing and executing user-level binaries works? Or does it not work (according to previous mail)? SebastianDoh! Maybe it was the right assumption that UAC isn't triggered on user-level executables. I need to verify but need to wait till I rebuild my Vista system. If anyone can verify this why my Vista system is being repaired, much appreciated. -----Original Message----- From: George Ou [mailto:george_ou () lanarchitect net] Sent: Wednesday, January 31, 2007 11:26 AM To: 'Sebastian Krahmer'; 'dailydave () lists immunitysec com'; 'Rich Mogull' Subject: RE: [Dailydave] Vista speach recognition Ah I made a wrong assumption. Any executable you launch regardless of whether it attempts to access system files or not will trigger UAC. The file deletion concept still works though. George -----Original Message----- From: George Ou [mailto:george_ou () lanarchitect net] Sent: Wednesday, January 31, 2007 3:09 AM To: 'Sebastian Krahmer'; 'dailydave () lists immunitysec com'; 'Rich Mogull' Subject: RE: [Dailydave] Vista speach recognition I just verified that TinyURL.com will give you a nice URL to anexecutable.Here's an example of a URL that opens a .EXE file. http://tinyurl.com/3d588b Now imagine that this was actually a user-mode malicious payload that avoids triggering UAC which contains ransomware. It's very easy to use Vista speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run". That will actually download and launch your desired payload from any website and TinyURL will make it easy to say. This is actually easier than my successful document-deleting recycle bin emptying test because it's a shorter script. George-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team ~
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team ~ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: [RGSPAM] Re: Vista speach recognition, (continued)
- Re: [RGSPAM] Re: Vista speach recognition Martin Roesch (Jan 31)
- Re: [RGSPAM] Re: Vista speach recognition christian void (Jan 31)
- Re: Vista speach recognition Sebastian Krahmer (Jan 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Vista speach recognition George Ou (Jan 31)
- Re: Vista speach recognition dan (Jan 31)
- Re: Vista speach recognition Curt Wilson (Jan 31)
- Re: Vista speach recognition dan (Jan 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Vista speach recognition George Ou (Jan 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Vista speach recognition George Ou (Jan 31)
- Message not available
- Re: Vista speach recognition George Ou (Feb 01)
- Re: Vista speach recognition Sebastian Krahmer (Feb 01)
- Message not available
- Re: Vista speach recognition George Ou (Feb 02)
- Re: Vista speach recognition Sebastian Krahmer (Feb 02)
- Re: Vista speach recognition Dave Aitel (Feb 02)
- Re: Vista speach recognition George Ou (Jan 31)
- Re: Vista speach recognition dan (Jan 30)