lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 3 Sep 2011 08:29:54 +1000
From: GloW - XD <doomxd@...il.com>
To: Nahuel Grisolia <nahuel@...sai-sec.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Cybsec Advisory 2011 0901 Windows Script Host
 DLL Hijacking

but if you execute a trusted vbs, you would successfully exploit anything
wouldnt you ?
id would be like running a dll using rundll32.exe my.dll , cept a vbs :s

to me makes no sense, never has, and i know what loadlibrary does, i looked
at the implications of theyre advisories, i remember when we were swarmed by
about 100 dlls wich were not 'unloaded' rproperly... lol... ok anyhow, this
makes no sense, executing a trusted vbs is 'script' many viruses have been
named .vbs and run vb script...right? so why would we need news on this...
xd


On 3 September 2011 07:53, Nahuel Grisolia <nahuel@...sai-sec.com> wrote:

> List,
>
> On 09/02/2011 06:45 PM, root wrote:
> > You don't get the worst part: unsuccessful exploitation also leads to
> > code execution.
> > Scary stuff.
> >
> > On 09/02/2011 05:05 PM, Mario Vilas wrote:
> >> Are you guys seriously reporting that double clicking on a malicious
> .vbs
> >> file could lead to remote code execution? :P
> >>
> >> Either I'm missing something (and I'd welcome a rebuttal here!) or you
> might
> >> as well add .exe to that list. All those extensions are already
> executable.
>
> I think that they're talking about that executing a trusted vbs could
> lead to the execution of malicious code.
>
> :S
>
> regards,
> --
> Nahuel Grisolia - C|EH
> Information Security Consultant
> Bonsai Information Security Project Leader
> http://www.bonsai-sec.com/
> (+54-11) 4777-3107
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ