lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEW7ACmK-LJiCbs4ia+dk1QYfTPf-HSsYA-1CGHxAq-xyJTiiA@mail.gmail.com> Date: Fri, 8 Jul 2011 12:10:31 -0700 From: Dan Kaminsky <dan@...para.com> To: security@...ossecurity.com Cc: si-cert@...es.si, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, cert@...t.org Subject: Re: Binary Planting Goes "Any File Type" And here's where your exploit stops being one: === Suppose the current version of Apple Safari (5.0.5) is our default web browser. If we put the above files in the same directory (on a local drive or a remote share) and double-click Test.html, what happens is the following: === At this point, Test.html might actually be test.exe with the HTML icon embedded. Everything else then is unnecessary obfuscation -- code execution was already possible the start by design. This is a neat vector though, and it's likely that with a bit more work it could be turned into an actual RCE. On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists <lists@...os.si> wrote: > > We published a blog post on a nice twist to binary planting which we call "File > Planting." There'll be much more of this from us in the future, but here's the first > sample for you to (hopefully) enjoy. > > http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html > > or > > http://bit.ly/nXmRFD > > > Best regards, > > Mitja Kolsek > CEO&CTO > > ACROS, d.o.o. > Makedonska ulica 113 > SI - 2000 Maribor, Slovenia > tel: +386 2 3000 280 > fax: +386 2 3000 282 > web: http://www.acrossecurity.com > blg: http://blog.acrossecurity.com > > ACROS Security: Finding Your Digital Vulnerabilities Before Others Do > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists