Full Disclosure mailing list archives

Re: DLL hijacking with Autorun on a USB drive


From: Charles Morris <cmorris () cs odu edu>
Date: Tue, 31 Aug 2010 17:20:20 -0400

On Tue, Aug 31, 2010 at 5:15 PM, Dan Kaminsky <dan () doxpara com> wrote:


> Again, the clicker can't differentiate word (the document) from word (the
> executable).  The clicker also can't differentiate word (the document) from
> word (the code equivalent script).
>
> The security model people keep presuming exists, doesn't.
>
> Even the situation whereby a dll is dropped into a directory of documents --
> the closest to a real exploit path there is -- all those docs can be
> repacked into executables.


What?

I can differentiate my coolProposal.doc from msword.exe just fine..

If your statement is that the Windows defaults should be changed,
including the "hide extensions" default, then I wholeheartedly agree
as I detailed in my first post. It's the first thing I turn off.

Many people who think the same way have considered that a
vulnerability in Windows for years; I wouldn't consider it part of
the "DLL Hijacking" fiasco.

Cheers,
Charles

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

