Bugtraq mailing list archives
RE: First vulnerabilities in the SP2 - XP ?...
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Wed, 18 Aug 2004 14:04:44 -0400
Given that the scenario behind this presumes that the user downloads an executable and runs it from the command line one could be just as vulnerable running Mozilla or any other browser that allows you to download files. Add a chmod step and other operating systems are just as "vulnerable." The only remotely interesting point here is that zone information doesn't follow the files reliably into the file system. Personally I'm not surprised by this, and it appears that neither is Microsoft. He's assuming behavior that isn't indicated or documented. Where do we draw the line on this social engineering stuff? If I send an e-mail to someone telling them to flush their iPod down the crapper does that mean the iPod is vulnerable to a toilet attack? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer () ziffdavis com -----Original Message----- From: Oliver Schneider [mailto:Borbarad () gmxpro net] Sent: Tuesday, August 17, 2004 12:30 PM To: "Jérôme" ATHIAS Cc: bugtraq () securityfocus com Subject: Re: First vulnerabilities in the SP2 - XP ?... Hi,
http://www.heise.de/security/artikel/50051
I also read this yesterday (the German version) and I think it's not a vulnerability. It's IMO a misconception in the way how SP2 treats alien executables. And on the other hand it does not actually lower the value of SP2 concerning security - because the rest of SP2 already boosted security (this time despite compatibility issues - thanks to MS for finally skipping compatibility in favor of security). But I agree with the author that MS should fix this anyway! Can someone please check if ShellExecute()/ShellExecuteEx() behave different from the CreateProcess-functions *)? Could that be the reason? Where is the information stored, that a file was downloaded - ADS? - EAs? ... some arcane new feature? Oliver *) CreateProcess, CreateProcessAsUser, CreateProcessWithLogonW, CreateProcessWithTokenW -- --------------------------------------------------- May the source be with you, stranger ... ;)
Current thread:
- First vulnerabilities in the SP2 - XP ?... Jérôme (Aug 16)
- Re: First vulnerabilities in the SP2 - XP ?... Colin Alston (Aug 17)
- Re: First vulnerabilities in the SP2 - XP ?... Oliver Schneider (Aug 17)
- RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (Aug 19)
- Re: First vulnerabilities in the SP2 - XP ?... Radoslav Dejanović (Aug 18)
- Re: First vulnerabilities in the SP2 - XP ?... Robert Decker (Aug 19)
- <Possible follow-ups>
- RE: First vulnerabilities in the SP2 - XP ?... Thor Larholm (Aug 19)
- Re: First vulnerabilities in the SP2 - XP ?... Matthew Roberts (Aug 20)
- RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (Aug 23)