Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLL hijacking with Autorun on a USB drive

From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 26 Aug 2010 20:39:04 -0700




On Aug 26, 2010, at 7:53 PM, Larry Seltzer <larry () larryseltzer com>  
wrote:


Instead of it executing "wab.exe (Windows Address Book) and open the
file test.vcf", one can directly get any .exe file open.


Users have shown themselves very willing to open up test.vcf.exe.



Or for that matter, test, which is actually an exe with the icon of a  
vcf.  Thus the problem with all this chortling about foolish  
applications:  the desktop simply does not possess the security model  
of the browser or the email client.

There may very well be a legitimate boundary cross from this DLL  
stuff, but we haven't seen it yet. All the present stuff has the  
indelible mark of a false boundary, in that no fix can be imagined  
that actually closes the vector.


LJS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: