Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: First vulnerabilities in the SP2 - XP ?...

from [Larry Seltzer] Network Security [Permanent Link]
Subject: RE: First vulnerabilities in the SP2 - XP ?...
Date: Wed, 18 Aug 2004 14:04:44 -0400 
Given that the scenario behind this presumes that the user downloads an
executable and runs it from the command line one could be just as
vulnerable running Mozilla or any other browser that allows you to
download files. Add a chmod step and other operating systems are just as
"vulnerable." 

The only remotely interesting point here is that zone information
doesn't follow the files reliably into the file system. Personally I'm
not surprised by this, and it appears that neither is Microsoft. He's
assuming behavior that isn't indicated or documented.

Where do we draw the line on this social engineering stuff? If I send an
e-mail to someone telling them to flush their iPod down the crapper does
that mean the iPod is vulnerable to a toilet attack?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
larryseltzer@ziffdavis.com 
-----Original Message-----
From: Oliver Schneider [mailto:Borbarad@gmxpro.net] 
Sent: Tuesday, August 17, 2004 12:30 PM
To: "Jérôme" ATHIAS
Cc: bugtraq@securityfocus.com
Subject: Re: First vulnerabilities in the SP2 - XP ?...

Hi,


http://www.heise.de/security/artikel/50051

I also read this yesterday (the German version) and I think it's not a
vulnerability. It's IMO a misconception in the way how SP2 treats alien
executables. And on the other hand it does not actually lower the value
of
SP2 concerning security - because the rest of SP2 already boosted
security (this time despite compatibility issues - thanks to MS for
finally skipping compatibility in favor of security). But I agree with
the author that MS should fix this anyway!

Can someone please check if ShellExecute()/ShellExecuteEx() behave
different from the CreateProcess-functions *)? Could that be the reason?
Where is the information stored, that a file was downloaded - ADS? -
EAs?
... some arcane new feature?

Oliver

*) CreateProcess, CreateProcessAsUser, CreateProcessWithLogonW,
CreateProcessWithTokenW

--
---------------------------------------------------
May the source be with you, stranger ... ;)
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Breaking windows LM hashes using the Time-Memory Trade-Off : Optimization & new tool, Jérôme
Next by Date:  Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure, 3APA3A
Previous by Thread:  Re: First vulnerabilities in the SP2 - XP ?..., Oliver Schneider
Next by Thread:  Re: First vulnerabilities in the SP2 - XP ?..., Colin Alston
Indexes:  [Date] [Thread] [Top] [All Lists]