[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <01cc01c7f72c$afc6c6d0$0f545470$@com>
Date: Sat, 15 Sep 2007 03:09:28 +0300
From: "avivra" <avivra@...il.com>
To: <tmanning@...intsys.com>, <bugtraq@...urityfocus.com>,
<full-disclosure@...ts.grok.org.uk>
Subject: RE: Next generation malware: Windows Vista's gadget API
Great overview, Todd!
I've just wanted to mention that MS downplayed the vulnerabilities I've
found in Vista's Sidebar gadgets.
In my blog post
(http://aviv.raffon.net/2007/08/16/VistaGadgetsGoneWild.aspx), I've
demonstrated a scenario where a worm can be propagated by exploiting the
vulnerability in the RSS feeds gadget.
I don't understand why Microsoft rated this vulnerability as important,
instead of critical.
--Aviv.
-----Original Message-----
From: Todd Manning [mailto:sflist@...italoffense.net]
Sent: Thursday, September 13, 2007 8:47 PM
To: bugtraq@...urityfocus.com
Subject: Re: Next generation malware: Windows Vista's gadget API
On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:
> A paper has just been released on the Windows Vista's gadget API. The
> abstract is as follows:
>
> Windows has had the ability to embed HTML into it's user interface
> for many
> years. Right back to and including Windows NT 4.0, it has been
> possible to
> embed HTML into the task bar, but the OS has always maintained a
> sandbox,
> from which the HTML has been unable to escape. All this changes
> with Windows
> Vista. This paper seeks to inform system administrators, users and the
> wider community on both potential attack vectors using gadgets and the
> mitigations provided by Windows Vista.
>
> The full paper can be found at http://www.portcullis-security.com/
> 165.php.
>
Good paper; Since this is out there I figure I'll forward the much
shorter article I wrote that details an attack against the contact
gadget, which was patched last month.
https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-
patches-in-ms07-048
Powered by blists - more mailing lists