Date: Mon, 13 Sep 2010 03:02:46 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
To: MustLive <mustlive@...security.com.ua>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Adobe Flash Player IE version 10.1.x Insecure
 DLL Hijacking Vulnerability (dwmapi.dll)

Thanks. I tested only in IE 8 with the latest Flash Player version at the
time of testing.
I haven't got any update from Adobe PSIRT.
It doesn't affect all Flash sites. It affects only sites whose Flash
files have complex flash vars like YouTube - a very long string of flash
vars, which causes some Flash internals to call dwmapi.dll that exists
only in Vista and up.





2010/9/13 MustLive <mustlive@...security.com.ua>:
> Hello YGN Ethical Hacker Group!
>
> Nice vulnerability and nice video. As I see from your list of DLL Hijacking
> vulnerabilities in different applications, published on the FD mailing list and
> at securityvulns.com
> (http://securityvulns.com/news/Microsoft/Windows/DLLHijacking.html), you are
> planning to actively work with this type of vulnerability and find a lot of
> applications with it. Good luck to you in this work.
>
> For me DLL Hijacking is not very interesting (because it's not a web security
> related issue), except for using this attack on browsers. And yesterday I
> checked many versions of the many browsers which I had and I found such a DLL
> Hijacking vulnerability in Opera (which I posted about on my site yesterday;
> in my testing different versions of Firefox were not affected, though they
> must be affected according to Mozilla). The most interesting thing is that I
> found a new attack vector (using Opera as an example), besides the first
> attack vector using DLL Hijacking (which was described in August). I'll write
> more details about it soon.
>
> Concerning your vulnerability in Adobe Flash Player. Did you test only in IE
> and only in IE8? Because I used my own dwmapi.dll (which I created for DLL
> Hijacking tests) and I did not find any affected browsers among all my browsers
> (including different versions of IE) when watching flash files (but your
> video shows that the hole exists). Did you check only Flash Player 10.1.x or
> 10.0.x also?
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability
> (dwmapi.dll) From: YGN Ethical Hacker Group <lists () yehg net>
> Date: Fri, 10 Sep 2010 14:54:01 +0800
>
>>
>> =========================================================================================
>> Adobe Flash Player IE version 10.1.x  Insecure DLL Hijacking Vulnerability
>> (dwmapi.dll)
>>
>> =========================================================================================
>
>
>
