Vulnerability Development mailing list archives
Re: Windows Vista winsat.exe Integer Overflow
From: Valdis.Kletnieks () vt edu
Date: Fri, 04 Apr 2008 12:22:35 -0400
On Thu, 03 Apr 2008 10:58:14 PDT, "Thor (Hammer of God)" said:
Hey Valdis -So, if you have someone who is going to run as administrator anyway, download the untrusted .exe, execute it, and then confirm the execution of the program without concern for what happens, we can't really fault the OS for that at this point in the game.I wasn't faulting the OS - I was pointing out it's still a viable attack vector, despite the OS's best efforts to stop it.I know you weren't specifically faulting the OS for this -- it's just that when I see posts that combine the "non-issue of the day" with a requirement of "this is bad because if I can get the user to run arbitrary code as administrator first, then I use that code to exploit his vulnerability" coupled with "and this is easy because it's trivial to get people to run malicious code and we all know they all just click through all warnings" that it just gets to be too much. I'm aware that you didn't say all of the above, but it's what the net result of the thread became.
From the *prevention* side of the fence, it's true - once you get the user
to run untrusted code as administrator, the box is pwned good and thoroughly. And since there's a wide variety of things that can happen, "nuke it from orbit and re-install, it's the only way to be sure" is the operative phrase. The number of *different* things that can be done once you get an initial foothold of executing code is more probably interesting to those of us who do computer forensics, where the exact mechanism *is* relevant to figuring out what happened, and (possibly) how to prevent it from happening again.
Attachment:
_bin
Description:
Current thread:
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 01)
- RE: Windows Vista winsat.exe Integer Overflow Thor (Hammer of God) (Apr 02)
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 03)
- Message not available
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 04)
- Re: Windows Vista winsat.exe Integer Overflow Valdis . Kletnieks (Apr 03)
- RE: Windows Vista winsat.exe Integer Overflow Thor (Hammer of God) (Apr 02)