[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200709171343.36446.tmb@65535.com>
Date: Mon, 17 Sep 2007 13:43:35 +0100
From: Tim Brown <tmb@...35.com>
To: bugtraq@...urityfocus.com
Cc: vuln-dev@...urityfocus.com, webappsec@...urityfocus.com,
full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API
On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:
> I'm sorry, we'll have to agree to disagree. I don't see the new attack
> vector here. I, the attacker, have to make you download my malicious
> trojan program, which you install on your computer.
Irrespective of the rest of what Roger says (which I agree with FTR), this bit
is simply wrong. Look at the PoC that has been made public:
https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048
It's not (just) about downloading malware gadgets. It's about exploiting
vulnerabilities *in* gadgets (the default gadgets in Vista, in the case of
the PoC). Essentially anywhere a gadget calls for example eval() on
untrusted data you *may* have a a problem.
Tim
--
Tim Brown
<mailto:tmb@...35.com>
Powered by blists - more mailing lists