Full Disclosure mailing list archives

Re: [SEC-LABS] Win32 Device Drivers Communication ...


From: psz () maths usyd edu au (Paul Szabo)
Date: Sun, 3 Aug 2003 14:18:10 +1000 (EST)

The Sec-Labs security research group found a bug in Win32 Device Drivers
Communication. The white paper for this vulnerability can be viewed at
http://sec-labs.hack.pl , and the exploit code for Symantec Norton AntiVirus
'2002 (probably all versions) Device Driver is also stored at our homepage.

The full link to the white paper: 
http://sec-labs.hack.pl/papers/win32ddc.php

Two questions:

Can this problem be classified as a "shatter" attack? The similarity I see
is that Windows takes an address and does things with it without any checks.

Could other drivers (part of a "standard" Windows install) be exploited?
Maybe the CON: driver where we have some control over the output?

I apologize if these are "stupid" questions.

Thanks,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

