RE: Flaws security feature of SP2

["Jonathan Rickman" <jonathan () xcorps net>]

> Exploiting this issue requires the ability to overwrite 
> existing files wich have a trusted or non-existant ZoneID. 
> Right now there is no known way to achieve this in an attack 
> mounted from the Internet.

Ok. So if I have the ability to do that, isn't it safe to say that I already
control the box?


> Vendor status
> -------------
> heise Security has notified Microsoft about both issues on 
> August 12. Microsoft Security Response Center
> responded:
>
> "We have investigated your report, as we do with all reports, 
> however in this case, we don't see these issues as being in 
> conflict with the design goals of the new protections. We are 
> always seeking improvements to our security protections and 
> this discussion will certainly provide additional input into 
> future security features and improvements, but at this time 
> we do not see these as issues that we would develop patches 
> or workarounds to address."

I'm inclined to agree with them. I see the potential for problems as you
have pointed out, but I guess I need a little help in understanding how this
could ever be more than a theoretical vulnerability. Could you perhaps
elaborate and maybe toss in a hypothetical situation or two to help me see
what you're driving at?

--
Jonathan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html