| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <96852EE3-6B12-40DD-85E5-DD33B4AE2B8E@digitaloffense.net> Date: Thu, 13 Sep 2007 12:46:34 -0500 From: Todd Manning <fdlist@...italoffense.net> To: full-disclosure@...ts.grok.org.uk Subject: Re: Next generation malware: Windows Vista's gadget API On Sep 13, 2007, at 04:16 AM, Tim Brown wrote: > A paper has just been released on the Windows Vista's gadget API. The > abstract is as follows: > > Windows has had the ability to embed HTML into it’s user interface > for many > years. Right back to and including Windows NT 4.0, it has been > possible to > embed HTML into the task bar, but the OS has always maintained a > sandbox, > from which the HTML has been unable to escape. All this changes > with Windows > Vista. This paper seeks to inform system administrators, users and the > wider community on both potential attack vectors using gadgets and the > mitigations provided by Windows Vista. > > The full paper can be found at http://www.portcullis-security.com/ > 165.php. > > Good paper; Since this is out there I figure I'll forward the much shorter article I wrote that details an attack against the contact gadget, which was patched last month. https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget- patches-in-ms07-048 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists