[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [funsec] WMF round-up, updates and de-mystification

To: "Larry Seltzer" <larry@xxxxxxxxxxxxxxxx>
Subject: Re[2]: [funsec] WMF round-up, updates and de-mystification
From: Pierre Vandevenne <pierre@xxxxxxxxxxxxxx>
Date: Tue, 3 Jan 2006 14:42:06 +0100

Good Day,

Tuesday, January 3, 2006, 12:59:22 PM, you wrote:

GE>> The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows.
PV>> I wouldn't say it does that. If you really want to simplify it in the
LS> extreme, it hides the vulnerable function.  

LS> Think of it as a "White Hat Rootkit"

Or merely a TSR hooking an interrupt vector. It doesn't hide itself.
It doesn't allow any kind of remote access to anything.

I can't see how it could even be remotely described as a rootkit.


-- 
Best regards,
 Pierre                            mailto:pierre@xxxxxxxxxxxxxx

References:
- Re: [funsec] WMF round-up, updates and de-mystification
  - From: Pierre Vandevenne
- RE: [funsec] WMF round-up, updates and de-mystification
  - From: Larry Seltzer

Prev by Date: New from the MS Advisory
Next by Date: Dumb IE6/XP denial of service found on the web
Previous by thread: RE: [funsec] WMF round-up, updates and de-mystification
Next by thread: Re: WMF round-up, updates and de-mystification
Index(es):
- Date
- Thread