Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLL hijacking POC (failed, see for yourself)

From: p8x <l () p8x net>
Date: Thu, 02 Sep 2010 21:49:13 +0800
Hi Christian,

I tested the POC here on Win 7 x64 ultimate fully updated and the issue 
does work for me.



On 2/09/2010 9:44 PM, Christian Sciberras wrote:

As I said at the very first email, the POC, even at it's best, doesn't
work on my 64bit system at all.

Regards,
Chris.







On Thu, Sep 2, 2010 at 3:41 PM, Larry Seltzer <larry () larryseltzer com
<mailto:larry () larryseltzer com>> wrote:

    FYI everyone, ACROS has fixed the POC for 64-bit systems. The old one
    failed on my Win7 64-bit and the new one works.

    http://www.binaryplanting.com/test.htm

    I did notice that if you just click on the link
    (\\www.binaryplanting.com
    <http://www.binaryplanting.com>\demo\windows_address_book_64)
    Windows turns it
    into a file:// url and opens it in the default browser (Chrome in my
    case). The POC won't work because there's no remote CWD (at least I
    imagine there isn't).  If this is consistent behavior then I think
    it's a
    serious mitigation, since users typically click on links, not open
    Explorer and paste them.

    Am I wrong on Windows behavior here?

    LJS

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: