[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20110708191850.3966E10E2D1@smtp.hushmail.com>
Date: Fri, 08 Jul 2011 20:18:50 +0100
From: anonymous-tips@...hmail.me
To: security@...ossecurity.com, dan@...para.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
si-cert@...es.si, cert@...t.org
Subject: Re: Binary Planting Goes "Any File Type"
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan seems to be on the money here, and remember - if the attacker
can get you to click on their file or open it, you are fscked
anyways.
Hence, it is moreso a "way to hide your .exe" unless I am very
mistaken...
(again, I hope I am doing the CC/BCC thing right, call me on it if
I aint)
On Fri, 08 Jul 2011 20:10:31 +0100 Dan Kaminsky <dan@...para.com>
wrote:
>And here's where your exploit stops being one:
>
>===
>Suppose the current version of Apple Safari (5.0.5) is our default
>web
>browser. If we put the above files in the same directory (on a
>local
>drive or a remote share) and double-click Test.html, what happens
>is
>the following:
>===
>
>At this point, Test.html might actually be test.exe with the HTML
>icon
>embedded. Everything else then is unnecessary obfuscation -- code
>execution was already possible the start by design.
>
>This is a neat vector though, and it's likely that with a bit more
>work it could be turned into an actual RCE.
>
>On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists
><lists@...os.si> wrote:
>>
>> We published a blog post on a nice twist to binary planting
>which we call "File
>> Planting." There'll be much more of this from us in the future,
>but here's the first
>> sample for you to (hopefully) enjoy.
>>
>> http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-
>file-type.html
>>
>> or
>>
>> http://bit.ly/nXmRFD
>>
>>
>> Best regards,
>>
>> Mitja Kolsek
>> CEO&CTO
>>
>> ACROS, d.o.o.
>> Makedonska ulica 113
>> SI - 2000 Maribor, Slovenia
>> tel: +386 2 3000 280
>> fax: +386 2 3000 282
>> web: http://www.acrossecurity.com
>> blg: http://blog.acrossecurity.com
>>
>> ACROS Security: Finding Your Digital Vulnerabilities Before
>Others Do
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wsBcBAEBAgAGBQJOF1gaAAoJEJicku1BO3ojW2sH/jrtAW8bvfPOhjohvGke9VSbASW9
PfDV4BOHGfhG6FS/7YfUDtqABf2zNI6NlrUdOz+bKvqfZ+ugv4LRMpMiBeSr9iklDadH
E3zT6r2XLXm5+blA2O8msk8bQaYT14FmCkY9ZTZxohhRkvI1l+9VFlFCAWfuWyJqLLul
pTY7xXIhSBWZnJX21/+sTT5/bxkoFqBSfCtdbPdIqL8ehlY/uaY590ElCCLLQA3zI5vV
HHZJ+HO6WE3vFziOMlQRMh2B6GEE/HUwNPLY9OTtOlhu7pfGpGnwIhlS5Hyj7CLH71XD
h5yXVhn1hmmqHYtZ+BNssgHBizvpxMUdnJKzxDGR7Vk=
=Xha9
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists