[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking
- From: root <root_@xxxxxxxxxxxxxxx>
- Date: Fri, 02 Sep 2011 19:33:46 -0300
What you say? my trolling hampered by facts? unpossible!
On 09/02/2011 06:53 PM, Nahuel Grisolia wrote:
> List,
>
> On 09/02/2011 06:45 PM, root wrote:
>> You don't get the worst part: unsuccessful exploitation also leads to
>> code execution.
>> Scary stuff.
>>
>> On 09/02/2011 05:05 PM, Mario Vilas wrote:
>>> Are you guys seriously reporting that double clicking on a malicious .vbs
>>> file could lead to remote code execution? :P
>>>
>>> Either I'm missing something (and I'd welcome a rebuttal here!) or you might
>>> as well add .exe to that list. All those extensions are already executable.
>
> I think that they're talking about that executing a trusted vbs could
> lead to the execution of malicious code.
>
> :S
>
> regards,
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/