Vulnerability Development mailing list archives

Re: Windows Vista winsat.exe Integer Overflow


From: Valdis.Kletnieks () vt edu
Date: Sun, 30 Mar 2008 23:52:25 -0400

On Fri, 28 Mar 2008 23:03:55 EDT, Steve Shockley said:

You'd still have to convince the user to bypass UAC when he wasn't 
expecting a UAC prompt, in addition to getting them to run it in the 
first place.

Experience has proved that neither of these should be all that difficult
for an attacker - an incredibly large percentage of users will go ahead and
run a .exe, clicking through multiple security warnings, if it promises to
do something interesting (usually having to do with somebody famous wearing
too little clothing while misbehaving...)
