Full Disclosure mailing list archives
Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses.
From: rancor <therancor () gmail com>
Date: Sat, 7 Apr 2012 18:43:18 +0200
Nice catch! "Glad påsk" as we say in Sweden Den 7 apr 2012 16:23 skrev "klondike" <klondike () xiscosoft es>:
Given to their nature chocolate easter eggs present a few vulnerabilities that can be exploited by a malicious attacker to gain complete control of a person's hate. FSA2012-1: 1. Summary Impact: high Exploitability: local Synopsis: Through some special unintended actions and attacker can cause an egg white injection into chocolate easter egss altering the nature of the system. 2. Impact Backgorund: Chocolate easter eggs are a treat liked by both children and adults during and eaten most frequently during easter. Description: Using a syringe with an hypodermical needle a local attacker can cause an egg white injection into the egg inside. This can also be combined with FSA2012-2 in order to creat trojanized chocolate eggs with a crude egg payload. Impact: Injected eggs can be used to affect through social engineering techniques to standard chocolate eggs eaters causing them to redirect all their rage towards you. In critical cases like allergies the individual may end up dying. 3. Workarounds: There is currently no known workaround to the issue since it is inherent to the easter chocolate eggs design. FSA2012-1: 1. Summary Impact: high Exploitability: local Synopsis: Through some special unintended actions and attacker can craft trojanized chocolate easter egss whose contents won't be realized by the attacker until it has happened. 2. Impact Backgorund: Chocolate easter eggs are a treat liked by both children and adults during and eaten most frequently during easter. Description: It is possible to craft eggs containing the desired solid objects or half of its contents filled with other products in not solid state. This is done by joining both moulded egg halves together with the contents on one of them, or coating the object in chocolate if it is eggshaped. Impact: Trojanized eggs can be used to affect through social engineering techniques to standard chocolate eggs eaters causing them to redirect all their rage towards you. In critical cases like allergies the individual may end up dying. There have been cases where shelled hard boiled eggs where coated in crocant chocolate in order to send the affected user to the hospital. 3. Workarounds: There is currently no known workaround to the issue since it is inherent to the easter chocolate eggs design. Thanks: ss23 Vinky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. klondike (Apr 07)
- Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. rancor (Apr 07)
- Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. fabrice (Apr 07)