Full Disclosure mailing list archives

Re: DLL hijacking with Autorun on a USB drive

From: Dan Kaminsky <dan () doxpara com>
Date: Fri, 27 Aug 2010 02:12:12 -0400

On Fri, Aug 27, 2010 at 1:51 AM, <Valdis.Kletnieks () vt edu> wrote:

On Fri, 27 Aug 2010 01:29:32 EDT, Dan Kaminsky said:

Again, let me emphasize.  Really interesting vector, will probably end up
attached to an unambiguous flaw.  But right now, we're just seeing flaws
along the lines of "Double clicking an icon in Explorer might execute
arbitrary code".  It doesn't matter that that's true even if there's a
network share, or a USB stick.  That's what Explorer *does*.


And as I said, a fix that starts off with "First thing we do is feed
Explorer
to a pack of hungry dingos" won't fly with Joe Sixpack. ;)


Eh, no sense being so specific.  I'm sure the same sort of type confusion
tricks are possible in Finder, GNOME, KDE, etc.  Desktops run arbitrary
code.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: DLL hijacking with Autorun on a USB drive, (continued)
- - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 26)
    - Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Michal (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Larry Seltzer (Aug 27)
    - Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 27)

(Thread continues...)