[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
- To: Larry Seltzer <larry@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
- From: Dan Kaminsky <dan@xxxxxxxxxxx>
- Date: Thu, 26 Aug 2010 20:39:04 -0700
On Aug 26, 2010, at 7:53 PM, Larry Seltzer <larry@xxxxxxxxxxxxxxxx>
wrote:
>> Instead of it executing "wab.exe (Windows Address Book) and open the
>> file test.vcf", one can directly get any .exe file open.
>
> Users have shown themselves very willing to open up test.vcf.exe.
>
Or for that matter, test, which is actually an exe with the icon of a
vcf. Thus the problem with all this chortling about foolish
applications: the desktop simply does not possess the security model
of the browser or the email client.
There may very well be a legitimate boundary cross from this DLL
stuff, but we haven't seen it yet. All the present stuff has the
indelible mark of a false boundary, in that no fix can be imagined
that actually closes the vector.
> LJS
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/