[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp72khM-CHK7rH+1+UUZiz9a6uD7CqOeivTTxNEHqkoR6w@mail.gmail.com>
Date: Sat, 3 Sep 2011 08:29:54 +1000
From: GloW - XD <doomxd@...il.com>
To: Nahuel Grisolia <nahuel@...sai-sec.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Cybsec Advisory 2011 0901 Windows Script Host
DLL Hijacking
but if you execute a trusted vbs, you would successfully exploit anything
wouldnt you ?
id would be like running a dll using rundll32.exe my.dll , cept a vbs :s
to me makes no sense, never has, and i know what loadlibrary does, i looked
at the implications of theyre advisories, i remember when we were swarmed by
about 100 dlls wich were not 'unloaded' rproperly... lol... ok anyhow, this
makes no sense, executing a trusted vbs is 'script' many viruses have been
named .vbs and run vb script...right? so why would we need news on this...
xd
On 3 September 2011 07:53, Nahuel Grisolia <nahuel@...sai-sec.com> wrote:
> List,
>
> On 09/02/2011 06:45 PM, root wrote:
> > You don't get the worst part: unsuccessful exploitation also leads to
> > code execution.
> > Scary stuff.
> >
> > On 09/02/2011 05:05 PM, Mario Vilas wrote:
> >> Are you guys seriously reporting that double clicking on a malicious
> .vbs
> >> file could lead to remote code execution? :P
> >>
> >> Either I'm missing something (and I'd welcome a rebuttal here!) or you
> might
> >> as well add .exe to that list. All those extensions are already
> executable.
>
> I think that they're talking about that executing a trusted vbs could
> lead to the execution of malicious code.
>
> :S
>
> regards,
> --
> Nahuel Grisolia - C|EH
> Information Security Consultant
> Bonsai Information Security Project Leader
> http://www.bonsai-sec.com/
> (+54-11) 4777-3107
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists