Vulnerability Development mailing list archives

Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs

From: mrousseau () LABCAL COM (Maxime Rousseau)
Date: Fri, 12 May 2000 12:21:50 -0400


This argument makes no sense at all, if your scripting hosts are
trojanted i think you have problems FAR more serious then having your
.vbs always authenticates. Its pointless to assume protection where your
trusted base is no longer trustable.

Masial

! -----Original Message-----
! From: Daniel S. Otis-Vigil
! Sent: Friday, May 12, 2000 12:19 AM
! Subject: Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs
!
! What's to stop a trojaner from just replacing wscript.exe and or
cscript.exe
! with their own copy that always authenticates?

Current thread:

xsoldier mandrake exploit. egid=games with the right shellcode, (continued)
- - - xsoldier mandrake exploit. egid=games with the right shellcode Larry C$ (May 15)
    - Re: QPOP2.5* exploit ?? rpc (May 14)
    - Fwd: [Newssubmission: Security vulnerability in the ICS HTTPServer component] TLsecurity.net (May 14)
    - Re: regarding phrack49's stack smashing tutorial Pavel Kankovsky (May 14)
    - Re: regarding phrack49's stack smashing tutorial Darshan Patil (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
  - is: tcp/ip vuln, not?... was: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Crispin Cowan (May 15)
    - Re: is: tcp/ip vuln, not?... was: WSCRIPT.EXE ,CSCRIPT.EXE replacement for *.vbs Jason Legate (May 17)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Maxime Rousseau (May 12)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Richard Rager (May 13)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Daniel P. Zepeda (May 14)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)
- Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Istvan Takacs (May 15)
  - Re: WSCRIPT.EXE , CSCRIPT.EXE replacement for *.vbs Bluefish (May 16)