WebApp Sec mailing list archives
Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
From: Tim Brown <tmb () 65535 com>
Date: Mon, 17 Sep 2007 13:43:35 +0100
On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:
I'm sorry, we'll have to agree to disagree. I don't see the new attack vector here. I, the attacker, have to make you download my malicious trojan program, which you install on your computer.
Irrespective of the rest of what Roger says (which I agree with FTR), this bit is simply wrong. Look at the PoC that has been made public: https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048 It's not (just) about downloading malware gadgets. It's about exploiting vulnerabilities *in* gadgets (the default gadgets in Vista, in the case of the PoC). Essentially anywhere a gadget calls for example eval() on untrusted data you *may* have a a problem. Tim -- Tim Brown <mailto:tmb () 65535 com> ------------------------------------------------------------------------- Sponsored by: Watchfire The Twelve Most Common Application-level Hack Attacks Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe --------------------------------------------------------------------------
Current thread:
- Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API Tim Brown (Sep 18)
- <Possible follow-ups>
- RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API Ed Patterson (Sep 18)