Open Source and information security mailing list archives
 
Date: Wed, 3 Sep 2008 17:24:15 -0400
From: "James C. Slora Jr." <james.slora@...a.com>
To: <bugtraq@...urityfocus.com>
Subject: RE: Google Chrome Automatic File Download

Razi Shaban wrote Wednesday, September 03, 2008 2:04 PM

> There's a huge difference between downloading and running. 
> If a file that is unwanted is auto-downloaded, just delete it.
> No harm done.

Unapproved download does open exploit vectors against other
vulnerabilities, especially when the download is to a location the
attacker can predict.

Merely opening a folder in a GUI triggers exploitable actions such as
icon display. Desktop.ini in Windows triggers actions when its
containing folder is opened. Selecting a file to delete it can trigger
other exploitable actions. Anti-virus scans and other automatic
processes can be exploited by the download or even the mere presence of
some hostile files.

There is plenty of actual malware in the wild that only needs you to
touch the file or scan it with AV or list it in the GUI to be owned,
depending on companion vulnerabilities.

Some vulnerability exploits are mitigated by their need to access a
local file from a known location. Automatic file downloading to a
predictable location eliminates that mitigation.

So users should always be prompted when content is copied to any
location other than their browser cache, and higher-risk file types
should not even go to the cache without giving the user a fighting
chance to refuse the file.

