Full Disclosure mailing list archives
Re: Binary Planting Goes "Any File Type"
From: anonymous-tips () hushmail me
Date: Fri, 08 Jul 2011 20:18:50 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan seems to be on the money here, and remember - if the attacker can get you to click on their file or open it, you are fscked anyways. Hence, it is moreso a "way to hide your .exe" unless I am very mistaken... (again, I hope I am doing the CC/BCC thing right, call me on it if I aint) On Fri, 08 Jul 2011 20:10:31 +0100 Dan Kaminsky <dan () doxpara com> wrote:
And here's where your exploit stops being one: === Suppose the current version of Apple Safari (5.0.5) is our default web browser. If we put the above files in the same directory (on a local drive or a remote share) and double-click Test.html, what happens is the following: === At this point, Test.html might actually be test.exe with the HTML icon embedded. Everything else then is unnecessary obfuscation -- code execution was already possible the start by design. This is a neat vector though, and it's likely that with a bit more work it could be turned into an actual RCE. On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists <lists () acros si> wrote:We published a blog post on a nice twist to binary plantingwhich we call "FilePlanting." There'll be much more of this from us in the future,but here's the firstsample for you to (hopefully) enjoy. http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.htmlor http://bit.ly/nXmRFD Best regards, Mitja Kolsek CEO&CTO ACROS, d.o.o. Makedonska ulica 113 SI - 2000 Maribor, Slovenia tel: +386 2 3000 280 fax: +386 2 3000 282 web: http://www.acrossecurity.com blg: http://blog.acrossecurity.com ACROS Security: Finding Your Digital Vulnerabilities BeforeOthers Do_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE----- Charset: UTF8 Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 3.0 wsBcBAEBAgAGBQJOF1gaAAoJEJicku1BO3ojW2sH/jrtAW8bvfPOhjohvGke9VSbASW9 PfDV4BOHGfhG6FS/7YfUDtqABf2zNI6NlrUdOz+bKvqfZ+ugv4LRMpMiBeSr9iklDadH E3zT6r2XLXm5+blA2O8msk8bQaYT14FmCkY9ZTZxohhRkvI1l+9VFlFCAWfuWyJqLLul pTY7xXIhSBWZnJX21/+sTT5/bxkoFqBSfCtdbPdIqL8ehlY/uaY590ElCCLLQA3zI5vV HHZJ+HO6WE3vFziOMlQRMh2B6GEE/HUwNPLY9OTtOlhu7pfGpGnwIhlS5Hyj7CLH71XD h5yXVhn1hmmqHYtZ+BNssgHBizvpxMUdnJKzxDGR7Vk= =Xha9 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Binary Planting Goes "Any File Type", (continued)
- Re: Binary Planting Goes "Any File Type" Dan Kaminsky (Jul 08)
- Re: Binary Planting Goes "Any File Type" Mitja Kolsek (Jul 08)
- Re: Binary Planting Goes "Any File Type" Dan Kaminsky (Jul 08)
- Re: Binary Planting Goes "Any File Type" Mitja Kolsek (Jul 09)
- Re: Binary Planting Goes "Any File Type" Mario Vilas (Jul 09)
- Re: Binary Planting Goes "Any File Type" Mitja Kolsek (Jul 10)
- Re: Binary Planting Goes "Any File Type" Mitja Kolsek (Jul 08)
- Re: Binary Planting Goes "Any File Type" Dan Kaminsky (Jul 08)
- Re: Binary Planting Goes "Any File Type" Mitja Kolsek (Jul 09)
- Re: Binary Planting Goes "Any File Type" Tim (Jul 09)
- Re: Binary Planting Goes "Any File Type" Mitja Kolsek (Jul 10)