Open Source and information security mailing list archives
Message-Id: <20110708191850.3966E10E2D1@smtp.hushmail.com>
Date: Fri, 08 Jul 2011 20:18:50 +0100
From: anonymous-tips@...hmail.me
To: security@...ossecurity.com, dan@...para.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, si-cert@...es.si, cert@...t.org
Subject: Re: Binary Planting Goes "Any File Type"

Dan seems to be on the money here, and remember - if the attacker can
get you to click on their file or open it, you are fscked anyways.
Hence, it is more so a "way to hide your .exe" unless I am very
mistaken...

(again, I hope I am doing the CC/BCC thing right, call me on it if I
ain't)

On Fri, 08 Jul 2011 20:10:31 +0100 Dan Kaminsky <dan@...para.com> wrote:
>And here's where your exploit stops being one:
>
>===
>Suppose the current version of Apple Safari (5.0.5) is our default web
>browser. If we put the above files in the same directory (on a local
>drive or a remote share) and double-click Test.html, what happens is
>the following:
>===
>
>At this point, Test.html might actually be test.exe with the HTML icon
>embedded. Everything else then is unnecessary obfuscation -- code
>execution was already possible from the start by design.
>
>This is a neat vector though, and it's likely that with a bit more
>work it could be turned into an actual RCE.
>
>On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists
><lists@...os.si> wrote:
>>
>> We published a blog post on a nice twist to binary planting which we
>> call "File Planting." There'll be much more of this from us in the
>> future, but here's the first sample for you to (hopefully) enjoy.
>>
>> http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html
>>
>> or
>>
>> http://bit.ly/nXmRFD
>>
>>
>> Best regards,
>>
>> Mitja Kolsek
>> CEO&CTO
>>
>> ACROS, d.o.o.
>> Makedonska ulica 113
>> SI - 2000 Maribor, Slovenia
>> tel: +386 2 3000 280
>> fax: +386 2 3000 282
>> web: http://www.acrossecurity.com
>> blg: http://blog.acrossecurity.com
>>
>> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/