Dailydave mailing list archives
Re: Vista speach recognition
From: "George Ou" <george_ou () lanarchitect net>
Date: Thu, 1 Feb 2007 02:04:58 -0800
Rich verified it will work and you can execute code. So long as you stay in the user-realm, you won't trigger UAC which cannot be bypassed "by default" as Microsoft says. -----Original Message----- From: Sebastian Krahmer [mailto:krahmer () suse de] Sent: Thursday, February 01, 2007 1:32 AM To: George Ou Cc: dailydave () lists immunitysec com; 'Rich Mogull' Subject: RE: [Dailydave] Vista speach recognition On Wed, 31 Jan 2007, George Ou wrote: So we do not know yet whether dl'ing and executing user-level binaries works? Or does it not work (according to previous mail)? Sebastian
Doh! Maybe it was the right assumption that UAC isn't triggered on user-level executables. I need to verify but need to wait till I rebuild my Vista system. If anyone can verify this why my Vista system is being repaired, much appreciated. -----Original Message----- From: George Ou [mailto:george_ou () lanarchitect net] Sent: Wednesday, January 31, 2007 11:26 AM To: 'Sebastian Krahmer'; 'dailydave () lists immunitysec com'; 'Rich Mogull' Subject: RE: [Dailydave] Vista speach recognition Ah I made a wrong assumption. Any executable you launch regardless of whether it attempts to access system files or not will trigger UAC. The file deletion concept still works though. George -----Original Message----- From: George Ou [mailto:george_ou () lanarchitect net] Sent: Wednesday, January 31, 2007 3:09 AM To: 'Sebastian Krahmer'; 'dailydave () lists immunitysec com'; 'Rich Mogull' Subject: RE: [Dailydave] Vista speach recognition I just verified that TinyURL.com will give you a nice URL to an
executable.
Here's an example of a URL that opens a .EXE file. http://tinyurl.com/3d588b Now imagine that this was actually a user-mode malicious payload that avoids triggering UAC which contains ransomware. It's very easy to use Vista speech command open IE7 and say "tinyURL.com/3d588b", "enter", "run". That will actually download and launch your desired payload from any website and TinyURL will make it easy to say. This is actually easier than my successful document-deleting recycle bin emptying test because it's a shorter script. George
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team ~ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Vista speach recognition, (continued)
- Re: Vista speach recognition Thierry Zoller (Jan 31)
- Re: [RGSPAM] Re: Vista speach recognition Martin Roesch (Jan 31)
- Re: [RGSPAM] Re: Vista speach recognition christian void (Jan 31)
- Re: Vista speach recognition Sebastian Krahmer (Jan 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Vista speach recognition George Ou (Jan 31)
- Re: Vista speach recognition dan (Jan 31)
- Re: Vista speach recognition Curt Wilson (Jan 31)
- Re: Vista speach recognition dan (Jan 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Vista speach recognition George Ou (Jan 31)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Vista speach recognition George Ou (Jan 31)
- Message not available
- Re: Vista speach recognition George Ou (Feb 01)
- Re: Vista speach recognition Sebastian Krahmer (Feb 01)
- Message not available
- Re: Vista speach recognition George Ou (Feb 02)
- Re: Vista speach recognition Sebastian Krahmer (Feb 02)
- Re: Vista speach recognition Dave Aitel (Feb 02)
- Re: Vista speach recognition George Ou (Jan 31)
- Re: Vista speach recognition dan (Jan 30)