Full Disclosure mailing list archives
RE: Flaws security feature of SP2
From: "Jonathan Rickman" <jonathan () xcorps net>
Date: Mon, 16 Aug 2004 11:20:10 -0400
Exploiting this issue requires the ability to overwrite existing files which have a trusted or non-existent ZoneID. Right now there is no known way to achieve this in an attack mounted from the Internet.
Ok. So if I have the ability to do that, isn't it safe to say that I already control the box?
Vendor status
-------------
heise Security has notified Microsoft about both issues on August 12. Microsoft Security Response Center responded: "We have investigated your report, as we do with all reports, however in this case, we don't see these issues as being in conflict with the design goals of the new protections. We are always seeking improvements to our security protections and this discussion will certainly provide additional input into future security features and improvements, but at this time we do not see these as issues that we would develop patches or workarounds to address."
I'm inclined to agree with them. I see the potential for problems as you have pointed out, but I guess I need a little help in understanding how this could ever be more than a theoretical vulnerability. Could you perhaps elaborate and maybe toss in a hypothetical situation or two to help me see what you're driving at?

--
Jonathan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html