Vulnerability Development mailing list archives
[Fwd: Re: Windows fuzz]
From: Blue Boar <BlueBoar () thievco com>
Date: Sat, 06 Jul 2002 20:04:56 -0700
-------- Original Message --------
Subject: Re: Windows fuzz
Date: 06 Jul 2002 21:35:33 +0100
From: Simos Xenitellis <simos74 () gmx net>
To: Blue Boar <BlueBoar () thievco com>
References: <3BDDF748.E13BAD83 () thievco com> <1004440837.4618.64.camel () pc96 ma rhul ac uk> <3BDED58F.C3FB7644 () thievco com>

Dear BB,

I eventually managed to publish the mentioned paper and wrote a demonstration page at
http://www.isg.rhul.ac.uk/~simos/event_demo/

Feel free to pass the URL to the vuln-dev mailing list if you find it suitable.

Best regards,
Simos Xenitellis

> Great information. You'll please post to the list when you can make it
> public?
> BB
>
> Simos Xenitellis wrote:
> >
> > Hi,
> > I am writing an academic paper on such vulnerabilities in event-driven
> > systems and I am sending it tomorrow to a conference for review. :)
> >
> > In event-driven systems it is common to be able to send events
> > (=messages) from unprivileged users to privileged users (guest ->
> > Administrator). In Windows 2000, an unprivileged process (example:
> > trojan horse) can enumerate all windows and identify the important ones
> > for the title bar and so on. Then, it can send events to them with
> > PostMessage(). There is currently no protection as to who has sent the
> > message. One can use it to send custom events but the most interesting
> > aspect is the sending of legitimate messages to instruct the victim to
> > do things you want it.
> >
> > For example, check WM_TIMER. The second argument is the address of a
> > function to execute. Thus, you can execute whatever lies in the address
> > space of the victim.
> >
> > Once the paper gets accepted to the conference, I'll make it public.
> >
> > simos
> >
> > On 2001-10-30 at 00:41, Blue Boar wrote:
> > > I was looking at this page today:
> > > http://www.cs.wisc.edu/~bart/fuzz/fuzz-nt.html
> > > After seeing it referenced in an NTBugtraq post.
> > >
> > > Naturally, I got to wondering if the problems described there could
> > > be taken advantage of for privilege elevation. It would involve
> > > being able to send Windows messages to another app, probably on the
> > > same physical machine. Anyone done anything along these lines,
> > > or can anyone point me at where I can read up on the security
> > > surrounding message passing?
> > >
> > > BB
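
A portable C model of one receiver-side check for the WM_TIMER behaviour described in the quoted message, added here as an example and not taken from the posts or the paper: before dispatch, the message loop drops any WM_TIMER whose callback address (carried in lParam) is not one the application registered itself. The `msg` struct, `register_timer` and `timer_msg_allowed` are hypothetical names standing in for the Win32 types and the application's own code; only `WM_TIMER` and its value come from the Win32 headers.

```c
#include <stddef.h>
#include <stdint.h>

#define WM_TIMER   0x0113u  /* real Win32 message number */
#define MAX_TIMERS 8

/* Portable stand-in (assumption) for the Win32 MSG fields that matter here. */
struct msg { unsigned message; uintptr_t wParam; intptr_t lParam; };

/* Timers this process armed itself: (timer id, callback address) pairs. */
struct timer_reg { uintptr_t id; intptr_t callback; };
static struct timer_reg g_timers[MAX_TIMERS];
static size_t g_ntimers;

/* Call wherever the application arms a timer that uses a callback. */
int register_timer(uintptr_t id, intptr_t callback)
{
    if (g_ntimers == MAX_TIMERS || callback == 0)
        return 0;
    g_timers[g_ntimers].id = id;
    g_timers[g_ntimers].callback = callback;
    g_ntimers++;
    return 1;
}

/* Returns 1 if the message may go on to dispatch, 0 if it must be dropped. */
int timer_msg_allowed(const struct msg *m)
{
    size_t i;
    if (m->message != WM_TIMER)
        return 1;           /* other messages are out of scope for this check */
    if (m->lParam == 0)
        return 1;           /* no callback: the window procedure handles it */
    for (i = 0; i < g_ntimers; i++)
        if (g_timers[i].id == m->wParam && g_timers[i].callback == m->lParam)
            return 1;       /* a callback this process registered */
    return 0;               /* address chosen by the sender: do not dispatch */
}

static void on_tick(void) {}   /* constructed sample callback */

/* Constructed sample: one legitimate timer, then three incoming messages. */
int demo(void)
{
    struct msg ok     = { WM_TIMER, 1, (intptr_t)on_tick };
    struct msg forged = { WM_TIMER, 1, (intptr_t)0x00401000 }; /* made-up address */
    struct msg plain  = { WM_TIMER, 7, 0 };
    register_timer(1, (intptr_t)on_tick);
    return timer_msg_allowed(&ok) * 4 + timer_msg_allowed(&forged) * 2
         + timer_msg_allowed(&plain);
}
```

In a real message loop the check would sit between retrieving a message and dispatching it, since the callback is invoked at dispatch time rather than inside the window procedure.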