[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive

To: paul.szabo@xxxxxxxxxxxxx
Subject: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
From: Christian Sciberras <uuf6429@xxxxxxxxx>
Date: Wed, 1 Sep 2010 00:57:42 +0200

>From a user perspective, why can't someone run Solitaire.exe off a
USB? (as a plain example)
Consider exploits, such as BOFs caused by bad file formats, how do you
know which is secure or not?
The main difference between a BOF and this issue is that it is a
software fault, whereas the hijack "issue" is nothing less than an
impractical nitpick.





On Wed, Sep 1, 2010 at 12:34 AM,  <paul.szabo@xxxxxxxxxxxxx> wrote:
> Christian Sciberras <uuf6429@xxxxxxxxx> wrote:
>
>> Why do you say harmless? Because you know a text file can't do
>> anything at all.
>
> Exactly. The victim is attempting to view a plain text file. Surely
> that can be done safely?
>
> Cheers, Paul
>
> Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
> School of Mathematics and Statistics   University of Sydney    Australia
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
  - From: Christian Sciberras
- Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
  - From: paul . szabo

Prev by Date: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Next by Date: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Previous by thread: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Next by thread: Re: [Full-disclosure] DLL hijacking with Autorun on a USB drive
Index(es):
- Date
- Thread