| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Sep 2011 08:54:46 +1000 From: paul.szabo@...ney.edu.au To: cybseclabs@...sec.com, full-disclosure@...ts.grok.org.uk Subject: Re: Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking > Application: wscript.exe > Extensions: js, jse, vbe, vbs, wsf, wsh > Library: wshesn.dll Many people commented that the above extensions are "executable" already, so are (should be) treated with caution, or that they can be trojaned directly without any DLL load shenanigans. However... looking at http://technet.microsoft.com/en-us/library/cc288335%28office.12%29.aspx http://office.microsoft.com/en-us/windows-sharepoint-services-help/types-of-files-that-cannot-be-added-to-a-list-or-library-HA010100147.aspx I do not see JS listed as executable, though JSE is listed. Looking at http://msdn.microsoft.com/en-us/library/ms722429.aspx I see JS (but not JSE) listed. Checking secpol.msc on my WindowsXP machine, none of the above extensions are "designated". Maybe DLL hijacking is useful for some of these file types, after all? Cheers, Paul Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists