lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200407101809.i6AI9ou19773@netsys.com> From: larry at larryseltzer.com (Larry Seltzer) Subject: What about M$ in the shell: race >>http://poc.homedns.org/execute.htm >>http://62.131.86.111/security/idiots/malware2k/installer.htm I don't think of the Shell.Application exploit as the same thing as the shell: link exploit. Am I missing something? >>shell:desktop This really doesn't impress me. I don't see this as an attack at all, unless you can find a way to overflow the folder or something like that. Can you actually run code this way, as was easy to do with Mozilla with a simple shell:folder\\foo.exe? Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.ziffdavis.com/seltzer larryseltzer@...fdavis.com