[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack

To: Tyler Borland <tborland1@xxxxxxxxx>, "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Date: Tue, 26 Oct 2010 17:44:22 +0000

> I thought this would've killed the exploit as it killed the process, but when 
> I sadly hit cancel, I was presented with the payload's result (calc in the 
> PoC). 
> I just thought this piece was interesting so I included it.  Sorry for any 
> confusion.

Yes, I understand that part... My point is that the payload result of "calc" 
would run like that, but if the payload did something else that required admin 
privileges, it would fail.  But I understand your point, and I do find it 
interesting that the cancel proceeds with the .dll load.  That might be 
something worth looking at in more detail.  

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  - From: TBorland1
- Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  - From: Thor (Hammer of God)
- Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
  - From: Tyler Borland

Prev by Date: Re: [Full-disclosure] looking for enterprise AV solution
Next by Date: Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
Previous by thread: Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
Next by thread: Re: [Full-disclosure] Windows Vista/7 lpksetup dll hijack
Index(es):
- Date
- Thread