lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43BBEBA1.6040705@coresecurity.com>
Date: Wed, 04 Jan 2006 12:37:05 -0300
From: Ivan Arce <ivan.arce@...esecurity.com>
To: bugtraq@...urityfocus.com
Subject: Another WMF exploit workaround


For those interested, Core FORCE its a free endpoint security software
currently in Beta stage. With it users can configure access control
permissions to file system objects independently of the operating
System's ACLs and security policy enforcement mechanisms.

The default security profiles of IE and FireFox included the package
distribution prevented exploitation of the WMF bug through those
vectors. Simply because they denied execution of rundll32.exe from
within IE or Firefox. The same applies to the MSN Messenger profile
submitted to the profiles repository site.

Furthermore you can explicitly configure permissions to deny & log
read/exec access to shimgvw.dll system wide or on per application basis.
This is functionally equivalent to Microsoft's suggested workaround of
unregistering the DLL but the advantage is that it does not matter if
some program registers it back or if somehow a program tries to load and
execute the DLL in anyway.

Core Force is available at http://force.coresecurity.com

As I said, it is still beta make sure you read the software
compatibility and known issues list and the docs.

-ivan



-- 
---
To strive, to seek, to find, and not to yield.
- Alfred, Lord Tennyson Ulysses,1842

Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES

46 Farnsworth Street
Boston, MA 02210
Ph: 617-399-6980
Fax: 617-399-6987
ivan.arce@...esecurity.com
www.coresecurity.com

PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ