Full Disclosure mailing list archives
Re: Windows .ANI LoadAniIcon Stack Overflow
From: "George Ou" <george_ou () lanarchitect net>
Date: Mon, 2 Apr 2007 19:35:27 -0700
Ok thanks. I guess we need to add "steal data" to the list of things an exploited IE7 session in Vista can do. I never got to test that far because DEP nuked my browser session.

George

-----Original Message-----
From: Alexander Sotirov [mailto:asotirov () determina com]
Sent: Monday, April 02, 2007 7:14 PM
To: George Ou
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

George Ou wrote:
> The exploited instance of IE7 probably spawns cmd.exe with the same privilege levels as IE7 in Protected Mode, which means you don't have read/write access to the user or system files. It's still bad because you probably get to harvest all of the saved username/passwords in the browser and capture all input/output from that IE session. Now in the case of an exploited Firefox 2, you have full read/write permissions to all of the user files which means you get to steal all the user files and/or encrypt them for ransom.
Protected Mode only blocks write access. IE can write only to a few locations on the system, but it still has full read access to all files readable by the user.

See http://msdn.microsoft.com/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp and slides 41-53 in http://download.microsoft.com/download/0/1/3/01381C25-72DA-4AA9-B792-43E02A243C71/SEC403_Riley.ppt

Alex

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
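The write-only restriction described in the reply above, as an added example that is not part of the original thread: a small Python model of the Windows mandatory integrity check, run over SDDL strings to show what a Low-integrity process such as Protected Mode IE may read or write. It models only the integrity-label check (the DACL check that follows it is out of scope); the paths and SDDL values are constructed samples, and `parse_label`, `integrity_allows` and `audit` are names chosen for this sketch.

```python
import re

# Integrity levels by SDDL SID abbreviation: Low, Medium, High, System.
LEVELS = {"LW": 1, "ME": 2, "HI": 3, "SI": 4}
# Mandatory-label policy flags and the access class each blocks from below.
POLICY = {"NW": "write", "NR": "read", "NX": "execute"}
# An object with no label is treated as Medium integrity, no-write-up.
DEFAULT_LABEL = (LEVELS["ME"], {"write"})

# Mandatory-label ACE: (ML;flags;policy;;;integrity-SID)
ML_ACE = re.compile(r"\(ML;[^;]*;([A-Z]*);[^;]*;[^;]*;(LW|ME|HI|SI)\)")


def parse_label(sddl):
    """Return (object_level, blocked_access_classes) for an SDDL string."""
    m = ML_ACE.search(sddl)
    if not m:
        return DEFAULT_LABEL
    rights, sid = m.groups()
    blocked = {POLICY[r] for r in re.findall("..", rights) if r in POLICY}
    return LEVELS[sid], blocked


def integrity_allows(subject, sddl, access):
    """True if the integrity check lets `subject` perform `access`."""
    level, blocked = parse_label(sddl)
    # The policy only restricts subjects below the object's level.
    return LEVELS[subject] >= level or access not in blocked


def audit(objects, subject="LW"):
    """Map each path to the read/write verdict for `subject`."""
    return {path: {a: integrity_allows(subject, sddl, a)
                   for a in ("read", "write")}
            for path, sddl in objects.items()}


# Constructed sample objects (hypothetical paths and security descriptors).
SAMPLE = {
    r"C:\Users\u\Documents\tax.xls": "D:(A;;FA;;;BA)",
    r"C:\Users\u\AppData\LocalLow\cache": "D:(A;;FA;;;BA)S:(ML;OICI;NW;;;LW)",
    r"C:\Users\u\secrets.kdb": "D:(A;;FA;;;BA)S:(ML;;NWNR;;;ME)",
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE).items():
        print(path, verdict)
```

The unlabeled document is readable but not writable from Low integrity, which is the behaviour the reply describes; only the object carrying an explicit no-read-up (`NR`) policy is blocked for reads.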