Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLL hijacking with Autorun on a USB drive

From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 1 Sep 2010 00:57:42 +0200
From a user perspective, why can't someone run Solitaire.exe off a

USB? (as a plain example)
Consider exploits, such as BOFs caused by bad file formats, how do you
know which is secure or not?
The main difference between a BOF and this issue is that it is a
software fault, whereas the hijack "issue" is nothing less than an
impractical nitpick.





On Wed, Sep 1, 2010 at 12:34 AM,  <paul.szabo () sydney edu au> wrote:

Christian Sciberras <uuf6429 () gmail com> wrote:


Why do you say harmless? Because you know a text file can't do
anything at all.


Exactly. The victim is attempting to view a plain text file. Surely
that can be done safely?

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: