Full Disclosure mailing list archives

Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses.

From: rancor <therancor () gmail com>
Date: Sat, 7 Apr 2012 18:43:18 +0200

Nice catch!

"Glad påsk" as we say in Sweden
Den 7 apr 2012 16:23 skrev "klondike" <klondike () xiscosoft es>:

Given to their nature chocolate easter eggs present a few
vulnerabilities that can be exploited by a malicious attacker to gain
complete control of a person's hate.

FSA2012-1:
1. Summary
Impact: high
Exploitability: local
Synopsis: Through some special unintended actions and attacker can cause
an egg white injection into chocolate easter egss altering the nature of
the system.

2. Impact
Backgorund:
Chocolate easter eggs are a treat liked by both children and adults
during and eaten most frequently during easter.

Description:
Using a syringe with an hypodermical needle a local attacker can cause
an egg white injection into the egg inside. This can also be combined
with FSA2012-2 in order to creat trojanized chocolate eggs with a crude
egg payload.

Impact:
Injected eggs can be used to affect through social engineering
techniques to standard chocolate eggs eaters causing them to redirect
all their rage towards you. In critical cases like allergies the
individual may end up dying.

3. Workarounds:
There is currently no known workaround to the issue since it is inherent
to the easter chocolate eggs design.

FSA2012-1:
1. Summary
Impact: high
Exploitability: local
Synopsis: Through some special unintended actions and attacker can craft
trojanized chocolate easter egss whose contents won't be realized by the
attacker until it has happened.

2. Impact
Backgorund:
Chocolate easter eggs are a treat liked by both children and adults
during and eaten most frequently during easter.

Description:
It is possible to craft eggs containing the desired solid objects or
half of its contents filled with other products in not solid state. This
is done by joining both moulded egg halves together with the contents on
one of them, or coating the object in chocolate if it is eggshaped.

Impact:
Trojanized eggs can be used to affect through social engineering
techniques to standard chocolate eggs eaters causing them to redirect
all their rage towards you. In critical cases like allergies the
individual may end up dying. There have been cases where shelled hard
boiled eggs where coated in crocant chocolate in order to send the
affected user to the hospital.

3. Workarounds:
There is currently no known workaround to the issue since it is inherent
to the easter chocolate eggs design.

Thanks:
ss23
Vinky




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. klondike (Apr 07)
- Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. rancor (Apr 07)
- Re: FSA2012-1 and FSA2012-2: Chocolate easter egss vulnerable to egg white injection and usable as trojan horses. fabrice (Apr 07)