| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4611B859.7040705@determina.com> Date: Mon, 02 Apr 2007 19:13:45 -0700 From: Alexander Sotirov <asotirov@...ermina.com> To: George Ou <george_ou@...architect.net> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Windows .ANI LoadAniIcon Stack Overflow George Ou wrote: > The exploited instance of IE7 probably spawns cmd.exe with the same > privilege levels as IE7 in Protected Mode, which means you don't have > read/write access to the user or system files. It's still bad because you > probably get to harvest all of the saved username/passwords in the browser > and capture all input/output from that IE session. > > Now in the case of an exploited Firefox 2, you have full read/write > permissions to all of the user files which means you get to steal all the > user files and/or encrypt them for ransom. Protected Mode only blocks write access. IE can write only to a few locations on the system, but it still has full read access to all files readable by the user. See http://msdn.microsoft.com/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp and slides 41-53 in http://download.microsoft.com/download/0/1/3/01381C25-72DA-4AA9-B792-43E02A243C71/SEC403_Riley.ppt Alex _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists