Re: [Full-disclosure] More information on ZERT patch for ANI 0day

[Gadi Evron <ge@xxxxxxxxxxxx>]

On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
> Gadi,
> 
> Gadi Evron wrote:
> 
> > For a real current attack.
> 
> Understandably. This is the attack which this thread is about, as 
> indicated in the subject line of the e-mail.
> 
> To recap, you used the phrase "flawed copy routine." to refer to the 
> fact that you could carry out an attack using this particular attack 
> method by writing to "typically C:\WINDOWS\ or C:\WINNT\". Again, to 
> recap, my point was:
> 
> "an attacker with write access to %systemroot%
>   probably has juicier, simpler targets to attack (which potentially let 
> them run code in a higher security context) than animated cursors."
> 
> Do you have any reply to make to what I actually *said*?

Not really, maybe othrs do.

> 
>   - James.
> 
> -- 
>    James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
> 
>     "All at sea again / And now my hurricanes
>     Have brought down this ocean rain / To bathe me again"
> 
>   https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
> -- 
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/