| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4E615075.6010407@bonsai-sec.com> Date: Fri, 02 Sep 2011 18:53:57 -0300 From: Nahuel Grisolia <nahuel@...sai-sec.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Cybsec Advisory 2011 0901 Windows Script Host DLL Hijacking List, On 09/02/2011 06:45 PM, root wrote: > You don't get the worst part: unsuccessful exploitation also leads to > code execution. > Scary stuff. > > On 09/02/2011 05:05 PM, Mario Vilas wrote: >> Are you guys seriously reporting that double clicking on a malicious .vbs >> file could lead to remote code execution? :P >> >> Either I'm missing something (and I'd welcome a rebuttal here!) or you might >> as well add .exe to that list. All those extensions are already executable. I think that they're talking about that executing a trusted vbs could lead to the execution of malicious code. :S regards, -- Nahuel Grisolia - C|EH Information Security Consultant Bonsai Information Security Project Leader http://www.bonsai-sec.com/ (+54-11) 4777-3107 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists