Full Disclosure mailing list archives
Re: When is it valid to claim that a vulnerability leads to a remote attack?
From: Thierry Zoller <Thierry () Zoller lu>
Date: Wed, 14 Oct 2009 14:11:50 +0200
Hi Dan, DK> There are a substantial number of file formats that are code-execution DK> equivalent with no exploits necessary -- .exe, .com, .bat, etc. You thus DK> can't say that an executed file must not execute code, because there's no DK> way for the user to know whether a file on his desktop is an .exe or DK> something else. Maybe I misunderstand what you are saying but - Isn't the point in this case is that running binary files mapped as executables is not exploiting a vulnerability in a third party application ? I understood that Jonathan was asking whether the exploitation of a file format vulnerability in Product X can be categorized as remotely exploitable - even though it is not exposed to the outside and one can only reach arbitrary control by indirect means. I think we can agree that yes, it is remotely exploitable and as such should be categorized as "remote" in Risk/Impactt scoring systems ? Does anybody disagree ? I'd be interested to hear your point of view. DK> The key here is "escalation of privilege". At the point you're launching DK> formats, the privilege has already been granted. If you could dive into this a bit more as I can't follow you here. I frankly don't know any Access control logic where running a format leads to the escalation of a privilege, per se. -- http://blog.zoller.lu Thierry Zoller _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- When is it valid to claim that a vulnerability leads to a remote attack? Jonathan Leffler (Oct 08)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Thierry Zoller (Oct 09)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Valdis . Kletnieks (Oct 09)
- Message not available
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Thierry Zoller (Oct 10)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Thor (Hammer of God) (Oct 10)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? James Matthews (Oct 11)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Jeremy Brown (Oct 11)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Paul Schmehl (Oct 11)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Thor (Hammer of God) (Oct 11)
- Re: [-SPAM-] Re: When is it valid to claim that a vulnerability leads to a remote attack? Thierry Zoller (Oct 12)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Valdis . Kletnieks (Oct 09)
- Re: When is it valid to claim that a vulnerability leads to a remote attack? Thierry Zoller (Oct 09)