Full Disclosure mailing list archives
Re: More information on ZERT patch for ANI 0day
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 2 Apr 2007 13:10:56 -0500 (CDT)
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
Gadi Evron wrote:Although eEye has released a third-party patch that will prevent the latest exploit from working, it doesn't fix the flawed copy routine. It simply requires that any cursors loaded must reside within the Windows directory (typically C:\WINDOWS\ or C:\WINNT\). This approach should successfully mitigate most "drive-by's," but might be bypassed by an attacker with access to this directory.I'm thinking that an attacker with write access to %systemroot% probably has juicier, simpler targets to attack (which potentially let them run code in a higher security context) than animated cursors.
http://www.milw0rm.com/exploits/3636
- James. -- James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org "All at sea again / And now my hurricanes Have brought down this ocean rain / To bathe me again" https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3 --
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- More information on ZERT patch for ANI 0day Gadi Evron (Apr 02)
- Re: More information on ZERT patch for ANI 0day James (njan) Eaton-Lee (Apr 02)
- Re: More information on ZERT patch for ANI 0day Gadi Evron (Apr 02)
- Re: More information on ZERT patch for ANI 0day James (njan) Eaton-Lee (Apr 02)
- Re: More information on ZERT patch for ANI 0day Gadi Evron (Apr 02)
- Re: More information on ZERT patch for ANI 0day James (njan) Eaton-Lee (Apr 02)
- Re: More information on ZERT patch for ANI 0day Gadi Evron (Apr 02)
- Re: More information on ZERT patch for ANI 0day James (njan) Eaton-Lee (Apr 02)
- Re: More information on ZERT patch for ANI 0day Gadi Evron (Apr 02)
- Re: More information on ZERT patch for ANI 0day Gadi Evron (Apr 02)
- Re: More information on ZERT patch for ANI 0day James (njan) Eaton-Lee (Apr 02)
- Re: More information on ZERT patch for ANI 0day Matthew Murphy (Apr 03)
- Re: More information on ZERT patch for ANI 0day Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Apr 03)