Full Disclosure mailing list archives

Re: DLL hijacking with Autorun on a USB drive

From: Valdis.Kletnieks () vt edu
Date: Fri, 27 Aug 2010 01:51:36 -0400

On Fri, 27 Aug 2010 01:29:32 EDT, Dan Kaminsky said:

Again, let me emphasize.  Really interesting vector, will probably end up
attached to an unambiguous flaw.  But right now, we're just seeing flaws
along the lines of "Double clicking an icon in Explorer might execute
arbitrary code".  It doesn't matter that that's true even if there's a
network share, or a USB stick.  That's what Explorer *does*.


And as I said, a fix that starts off with "First thing we do is feed Explorer
to a pack of hungry dingos" won't fly with Joe Sixpack. ;)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: DLL hijacking with Autorun on a USB drive, (continued)
- Re: DLL hijacking with Autorun on a USB drive Atul Agarwal (Aug 26)
  - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Michal (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 27)

(Thread continues...)