Full Disclosure mailing list archives
Re: DLL hijacking with Autorun on a USB drive
From: Valdis.Kletnieks () vt edu
Date: Thu, 26 Aug 2010 16:47:03 -0400
On Fri, 27 Aug 2010 01:42:44 +0530, Atul Agarwal said:
IMHO, I think its rather useless. Instead of it executing "wab.exe (Windows Address Book) and open the file test.vcf", one can directly get any .exe file open.
The whole point is that launching wab.exe and opening a test file is relatively innocuous - but if you can do that, you're basically holding the user's testicles in one hand and a very sharp knife in the other. It *could* have been anything - but we'll just do something mostly harmless just to be nice. Feel free to rewrite it to do a format c:\ instead, and test on your box. Let us know which variety of PoC you prefer...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DLL hijacking with Autorun on a USB drive matt (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Pavel Kankovsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Pavel Kankovsky (Aug 30)
- Re: DLL hijacking with Autorun on a USB drive Atul Agarwal (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)