Vulnerability Development mailing list archives
Re: Windows Vista winsat.exe Integer Overflow
From: Valdis.Kletnieks () vt edu
Date: Sun, 30 Mar 2008 23:52:25 -0400
On Fri, 28 Mar 2008 23:03:55 EDT, Steve Shockley said:
You'd still have to convince the user to bypass UAC when he wasn't expecting a UAC prompt, in addition to getting them to run it in the first place.
Experience has proved that neither of these should be all that difficult for an attacker - an incredibly large percentage of users will go ahead and run a .exe, clicking through multiple security warnings, if it promises to do something interesting (usually having to do with somebody famous wearing too little clothing while misbehaving...)
Attachment:
_bin
Description:
Current thread:
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 01)
- RE: Windows Vista winsat.exe Integer Overflow Thor (Hammer of God) (Apr 02)
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 03)
- Message not available
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 04)
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 03)
- RE: Windows Vista winsat.exe Integer Overflow Thor (Hammer of God) (Apr 02)