Bugtraq mailing list archives
Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust
From: H D Moore <sflist () digitaloffense net>
Date: Mon, 16 Jan 2006 14:52:21 -0600
Any chance you contacted Wehnus about it? The "hot fix" is just to open regedit, browse to this key, and place the path inside double quotes. Minor problem, but I am sure Matt would have appreciated an email first. -HD On Monday 16 January 2006 14:47, Thierry Zoller wrote:
Dear List, Small blurp I came around; when Wehntrust creates the autostart key it forgets to correctly quote the string in the key and thus may trigger an autostart of c:\program.bat|exe|com up-on reboot... [2] Quoting [1] : ^^^^^^^^^^^^ ----------------------------------------------------------------------- --- c:\program files\sub dir\program.exe, In this case, the system will successively expand the string when interpreting the file path, until a module is encountered to execute. The string used in the above example would be interpreted as follows: c:\program.exe c:\program files\sub.exe c:\program files\sub dir\program.exe ----------------------------------------------------------------------- ------ [1] http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038789 .html [2] Only a real issue in Windows 2000, WinXP restricted users don't have the right to write to c:\ [3] http://secdev.zoller.lu [4] http://www.wehnus.com/
Current thread:
- WehnTrust - When you have to trust Wehntrust Thierry Zoller (Jan 16)
- Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust H D Moore (Jan 16)