Penetration Testing mailing list archives
Re: New article on SecurityFocus
From: Robin <robin () kallisti net nz>
Date: Sat, 7 Jan 2006 14:22:10 +1300
On Saturday 07 January 2006 08:54, Brady McClenon wrote:
to begin with?!? Obviously the user interacted with it at some point in the past in order to put it there. The exploit would have occurred at that point, not when the file indexer finds it later!
Not necessarily. I don't know if it's still the case, but Eudora used to automatically save all attachments to a directory as they were received. I'd imagine that would be a nice and handy vector. Also, if Google Desktop should index browser caches, and the file was somehow safely downloaded by the browser, then it could potentially hit there. There are probably many other instances of apps automatically downloading and saving files in a 'safe place'. -- Robin <robin () kallisti net nz> JabberID: <eythian () jabber kallisti net nz> Hostes alienigeni me abduxerunt. Qui annus est? PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
Attachment:
_bin
Description:
Current thread:
- RE: New article on SecurityFocus (.WMF Vuln), (continued)
- RE: New article on SecurityFocus (.WMF Vuln) Corey Watts-Jones (Jan 06)
- Re: New article on SecurityFocus Thor (Hammer of God) (Jan 07)
- RE: New article on SecurityFocus Navroz Shariff (Jan 06)
- RE: New article on SecurityFocus Brady McClenon (Jan 06)
- RE: New article on SecurityFocus Larry Seltzer (Jan 06)
- RE: New article on SecurityFocus Erin Carroll (Jan 06)
- Re: New article on SecurityFocus Socrates (Jan 07)
- RE: New article on SecurityFocus Murad Talukdar (Jan 09)
- RE: New article on SecurityFocus Murad Talukdar (Jan 09)
- RE: New article on SecurityFocus Larry Seltzer (Jan 06)
- RE: New article on SecurityFocus Brady McClenon (Jan 06)
- Re: New article on SecurityFocus Robin (Jan 06)
- RE: New article on SecurityFocus Jim Clausing (Jan 07)
- RE: New article on SecurityFocus Erin Carroll (Jan 07)
- Re: New article on SecurityFocus Drew Simonis (Jan 07)
- Re: New article on SecurityFocus Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Jan 07)
- RE: New article on SecurityFocus Derick Anderson (Jan 09)
- RE: New article on SecurityFocus Brady McClenon (Jan 09)
- RE: New article on SecurityFocus Larry Seltzer (Jan 09)
- RE: New article on SecurityFocus Brady McClenon (Jan 09)
- RE: New article on SecurityFocus Richard Zaluski (Jan 09)