RE: Next generation malware: Windows Vista's gadget API

["avivra" <avivra () gmail com>]

Great overview, Todd!
I've just wanted to mention that MS downplayed the vulnerabilities I've
found in Vista's Sidebar gadgets.
In my blog post
(http://aviv.raffon.net/2007/08/16/VistaGadgetsGoneWild.aspx), I've
demonstrated a scenario where a worm can be propagated by exploiting the
vulnerability in the RSS feeds gadget.
I don't understand why Microsoft rated this vulnerability as important,
instead of critical.

--Aviv.

-----Original Message-----
From: Todd Manning [mailto:sflist () digitaloffense net] 
Sent: Thursday, September 13, 2007 8:47 PM
To: bugtraq () securityfocus com
Subject: Re: Next generation malware: Windows Vista's gadget API

On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:

> A paper has just been released on the Windows Vista's gadget API.  The
> abstract is as follows:
>
> Windows has had the ability to embed HTML into it's user interface  
> for many
> years. Right back to and including Windows NT 4.0, it has been  
> possible to
> embed HTML into the task bar, but the OS has always maintained a  
> sandbox,
> from which the HTML has been unable to escape. All this changes  
> with Windows
> Vista. This paper seeks to inform system administrators, users and the
> wider community on both potential attack vectors using gadgets and the
> mitigations provided by Windows Vista.
>
> The full paper can be found at http://www.portcullis-security.com/ 
> 165.php.


Good paper; Since this is out there I figure I'll forward the much  
shorter article I wrote that details an attack against the contact  
gadget, which was patched last month.

https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget- 
patches-in-ms07-048