[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
From: Tim Brown <tmb@xxxxxxxxx>
Date: Mon, 17 Sep 2007 13:43:35 +0100

On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:

> I'm sorry, we'll have to agree to disagree. I don't see the new attack
> vector here. I, the attacker, have to make you download my malicious
> trojan program, which you install on your computer.

Irrespective of the rest of what Roger says (which I agree with FTR), this bit 
is simply wrong.  Look at the PoC that has been made public:

https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048

It's not (just) about downloading malware gadgets.  It's about exploiting 
vulnerabilities *in* gadgets (the default gadgets in Vista, in the case of 
the PoC).  Essentially anywhere a gadget calls for example eval() on 
untrusted data you *may* have a a problem.

Tim
-- 
Tim Brown
<mailto:tmb@xxxxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
  - From: Thierry Zoller

Prev by Date: [Full-disclosure] IE (Internet Explorer) pwns SecondLife
Next by Date: [Full-disclosure] [SECURITY] [DSA 1375-1] New OpenOffice.org packages fix arbitrary code execution
Previous by thread: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Next by thread: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
Index(es):
- Date
- Thread