Full Disclosure mailing list archives
Re: DLL hijacking POC (failed, see for yourself)
From: Darren McDonald <athena () dmcdonald net>
Date: Thu, 2 Sep 2010 11:13:25 +0200
I think that depends if its installed and on how the setting is configured. Some environments are going to require DLLs to be loaded from remote shares, others not. This isnt a 'patch' to a software security flaw, its a security setting. Im guessing the default configuration maybe messing around with the mentioned PoC, that was my only point. On Thu, Sep 2, 2010 at 11:08 AM, Christian Sciberras <uuf6429 () gmail com> wrote:
Uh, what I was asking, is, with this patch in place, the issue is fixed, forever? Cheers, Chris. On Thu, Sep 2, 2010 at 11:07 AM, Darren McDonald <darren () dmcdonald net> wrote:We're not, Microsoft have decided to make it the system administrators problem through this registry setting. Which is fair enough IMO :) On Thu, Sep 2, 2010 at 11:03 AM, Christian Sciberras <uuf6429 () gmail com> wrote:Thanks Darren, that was very enlightening. Considering those facts, where are we at in fixing this whole issue? Cheers, Chris. On Thu, Sep 2, 2010 at 10:37 AM, Darren McDonald <athena () dmcdonald net> wrote:http://support.microsoft.com/kb/2264107 On Thu, Sep 2, 2010 at 10:30 AM, Christian Sciberras <uuf6429 () gmail com> wrote:As I said above, it was tested on Windows 7 64bit. As to the dll as far as I know, I'm not sure about that, however, it should be an easy matter of checking the binary file. Currently, I'm not on a terminal which I can do that, though. Cheers, Chris. 2010/9/2 YGN Ethical Hacker Group <lists () yehg net>Is your Windows 7 64-bit ? Your DLL is 64-bit compatible?_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 01)
- Re: DLL hijacking POC (failed, see for yourself) p8x (Sep 01)
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 01)
- Re: DLL hijacking POC (failed, see for yourself) YGN Ethical Hacker Group (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) YGN Ethical Hacker Group (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Darren McDonald (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 02)
- Message not available
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Darren McDonald (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Darren McDonald (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Larry Seltzer (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Larry Seltzer (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) p8x (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) p8x (Sep 01)
- Re: DLL hijacking POC (failed, see for yourself) Jacky Jack (Sep 02)
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 14)
- Re: DLL hijacking POC (failed, see for yourself) Stefan Kanthak (Sep 16)
- Re: DLL hijacking POC (failed, see for yourself) Christian Sciberras (Sep 15)