Message-ID: <002d01c2e983$51a9b820$3200000a@roguenet.home>
Date: Thu, 13 Mar 2003 12:09:33 -0500
From: "Rob Shein" <shoten@...rpower.net>
To: "'Josh Gilmour'" <jgilmour@...bi.com>,
	"'descript'" <descript@...8.s0h.cc>, <vuln-dev@...urityfocus.com>,
	<bugtraq@...urityfocus.com>
Subject: RE: Win32hlp exploit for : ":LINK overflow"


I don't think you understand...a .cnt file won't do anything if you click on
it.  It's the same as if I were to create a file named
"testfile.ooongaboonga".  Windows will essentially ask, "what the hell do
you want me to do with this?" and of course the user won't have any idea
either, so nothing will happen.  YOU CANNOT RUN A .CNT FILE.  It gets called
from a help file; it's the index of the help file.

> -----Original Message-----
> From: Josh Gilmour [mailto:jgilmour@...bi.com] 
> Sent: Thursday, March 13, 2003 7:13 AM
> To: 'Rob Shein'; 'descript'; vuln-dev@...urityfocus.com; 
> bugtraq@...urityfocus.com
> Subject: RE: Win32hlp exploit for : ":LINK overflow"
> 
> 
> Personally, I know people who know that they shouldn't 
> download or open .exe's due to viruses, yet they would have 
> no clue about .cnt or .hlp files. That being said it could be 
> a risk for them, yet people with some experience would 
> notice that something isn't right and ignore it... But 
> that's just me....
> 
> I could have it wrong also, but does the risk happen because 
> the .cnt can be emailed to someone/sent to them, and they 
> could download and run it? That's how I see it working 
> anyways, just like running an executable from an email. 
> 
> - Josh
> 
> -----Original Message-----
> From: Rob Shein [mailto:shoten@...rpower.net] 
> Sent: Tuesday, March 11, 2003 8:59 AM
> To: 'descript'; vuln-dev@...urityfocus.com; bugtraq@...urityfocus.com
> Subject: RE: Win32hlp exploit for : ":LINK overflow"
> 
> I'm not entirely sure I get how serious this is.  If I 
> understand correctly, you're modifying a .cnt file so that 
> when it's called (by using its corresponding .hlp file) it 
> will go out and download/execute a program from a 
> predetermined site.  When you're at the stage where you can 
> modify files on the target machine, how much of a difference 
> does it make to be able to get a .cnt file to do your 
> bidding, as opposed to any executable that could have another 
> executable bound to it, for example?  Perhaps I'm missing something...
> 
> > -----Original Message-----
> > From: descript [mailto:descript@...8.s0h.cc]
> > Sent: Saturday, March 08, 2003 7:38 PM
> > To: vuln-dev@...urityfocus.com; bugtraq@...urityfocus.com
> > Subject: Win32hlp exploit for : ":LINK overflow"
> > 
> > 
> > hi list,
> > 
> > On Sunday, 9 March, 2003 1:00 AM s0h released an exploit
> > : Win32hlp exploit for : ":LINK overflow"
> > 
> > Source : http://s0h.cc/exploit/s0h_Win32hlp.c
> > Binary : http://s0h.cc/exploit/s0h_Win32hlp.exe
> > 
> > Discovered by ThreaT <threat@....cc>.
> > Coded by ThreaT <threat@....cc>
> > Homepage : http://s0h.cc/~threat/
> > 
> > This exploit can trap a .CNT file (a file used with .HLP files) with
> > arbitrary code that can download and execute a trojan 
> > without asking the user.
> > 
> > This exploit was tested on :
> > 	- Windows 2000 PRO/SERVER (fr) SP0
> > 	- Windows 2000 PRO/SERVER (fr) SP1
> > 	- Windows 2000 PRO/SERVER (fr) SP2
> > 
> > 
> > Best regards,
> > descript <descript@....cc>
> > s0h - Skin of humanity
> > http://s0h.cc
> > 
> 
> 

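The thread argues about how a trapped .cnt file reaches a victim. From the defender's side the useful point is the one Rob makes: a .cnt is the plain-text index that WinHelp loads alongside its .hlp file, so an overflow attempt against the :LINK directive has to appear as an abnormal directive line in that text, and can be spotted by a content scan before the help file is ever opened. The scanner below is an added example, not code from the thread or from s0h. It assumes the WinHelp contents-file layout (lines beginning with ':' are directives, and ':Link file.hlp' names another help file to merge into the index), uses MAX_PATH (260) as the bound for a legitimate file-name argument, and scans three sample files constructed inline rather than taken from the advisory.

```python
import re

# Assumption (not from the thread): WinHelp .cnt files are plain text in which
# lines beginning with ':' are directives; ':Link' names another .hlp file to
# merge into the index, so its argument should be a short, printable file name.
MAX_LINK_ARG = 260  # MAX_PATH; assumed upper bound for a legitimate file name
DIRECTIVE_RE = re.compile(rb"^:(\w+)[ \t]*(.*)$")

# Constructed sample contents files (not the exploit's own):
BENIGN_CNT = (
    b":Base sample.hlp\r\n"
    b":Title Sample Application Help\r\n"
    b":Link common.hlp\r\n"
    b"1 Getting started=start\r\n"
    b"2 Installing=install\r\n"
)
# A :Link argument far longer than any real file name (line 3).
OVERSIZED_CNT = (
    b":Base sample.hlp\r\n"
    b":Title Sample Application Help\r\n"
    b":Link " + b"A" * 400 + b".hlp\r\n"
    b"1 Getting started=start\r\n"
)
# A short :Link argument carrying control bytes no file name would contain (line 2).
CONTROL_CNT = b":Base sample.hlp\r\n:Link x.hlp\x01\x02\r\n"


def scan_cnt(data: bytes, limit: int = MAX_LINK_ARG):
    """Scan the raw bytes of a .cnt file and return a list of findings.

    Each finding is a dict with the 1-based line number, the directive name,
    the argument length and the reason the line was flagged.  Topic lines
    ("1 Title=id") are not directives and are skipped.
    """
    findings = []
    for lineno, raw in enumerate(data.splitlines(), 1):
        m = DIRECTIVE_RE.match(raw)
        if not m:
            continue
        directive, arg = m.group(1), m.group(2)
        if directive.lower() != b"link":
            continue
        if len(arg) > limit:
            findings.append({
                "line": lineno,
                "directive": directive.decode("latin-1"),
                "length": len(arg),
                "reason": "oversized :Link argument",
            })
        elif any(b < 0x20 or b == 0x7F for b in arg):
            findings.append({
                "line": lineno,
                "directive": directive.decode("latin-1"),
                "length": len(arg),
                "reason": "control bytes in :Link argument",
            })
    return findings


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_CNT),
                         ("oversized", OVERSIZED_CNT),
                         ("control", CONTROL_CNT)):
        print(name, scan_cnt(sample))
```

Run against a real contents file with `scan_cnt(open(path, "rb").read())`; the check works on raw bytes deliberately, because a payload-bearing line is exactly the kind of input that fails text decoding. The length bound is a heuristic tied to the file-name semantics of :Link, not to any specific buffer size in WinHelp, which the thread does not state.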

