| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200601161451.29237.fdlist@digitaloffense.net> Date: Mon Jan 16 20:51:35 2006 From: fdlist at digitaloffense.net (H D Moore) Subject: WehnTrust - When you have to trust Wehntrust Any chance you contacted Wehnus about it? The "hot fix" is just to open regedit, browse to this key, and place the command line quotes. Minor problem, but I am sure Matt would have appreciated an email first. -HD On Monday 16 January 2006 14:47, Thierry Zoller wrote: > Dear List, > > Small blurp I came around; when Wehntrust creates the autostart key > it forgets to correctly quote the string in the key and thus may > trigger an autostart of c:\program.bat|exe|com up-on reboot... [2] > > Quoting [1] : > ^^^^^^^^^^^^ > ----------------------------------------------------------------------- >--- c:\program files\sub dir\program.exe, > > In this case, the system will successively expand the string when > interpreting the file path, until a module is encountered to execute. > The string used in the above example would be interpreted as follows: > > c:\program.exe > c:\program files\sub.exe > c:\program files\sub dir\program.exe > ----------------------------------------------------------------------- >------ > > [1] > http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038789 >.html [2] Only a real issue in Windows 2000, WinXP restricted > users don't have the right to write to c:\ > [3] http://secdev.zoller.lu > [4] http://www.wehnus.com/
Powered by blists - more mailing lists