Full Disclosure mailing list archives
Re: Windows Vista/7 lpksetup dll hijack
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Tue, 26 Oct 2010 17:44:22 +0000
I thought this would've killed the exploit as it killed the process, but when I sadly hit cancel, I was presented with the payload's result (calc in the PoC). I just thought this piece was interesting so I included it. Sorry for any confusion.
Yes, I understand that part... My point is that the payload result of "calc" would run like that, but if the payload did something else that required admin privileges, it would fail. But I understand your point, and I do find it interesting that the cancel proceeds with the .dll load. That might be something worth looking at in more detail. t _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Windows Vista/7 lpksetup dll hijack Tyler Borland (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack ACROS Security Lists (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack TBorland1 (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack TBorland1 (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 25)
- Re: Windows Vista/7 lpksetup dll hijack Tyler Borland (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Jann Horn (Oct 27)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Tyler Borland (Oct 26)
- Re: Windows Vista/7 lpksetup dll hijack Thor (Hammer of God) (Oct 25)