| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <A452DAD45973465B9BE58259F0A309F2@celsius>
Date: Wed, 21 May 2014 21:25:14 +0200
From: "Stefan Kanthak" <stefan.kanthak@...go.de>
To: <lcamtuf@...edump.cx>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Beginners error: Hewlett-Packards driver software executes
rogue binary C:\Program.exe
"Michal Zalewski" <lcamtuf-QTaIpnqiE1Ffq8cQ1yknNg@...lic.gmane.org> wrote:
>> the existence of "C:\Program.exe" must not have any bad affect
>> for any random installer not intending to execute this
>
> Sounds like a good goal.
Yes. Not just for any random installer, but for any Windows program.
<http://msdn.microsoft.com/library/cc144175.aspx>
<http://msdn.microsoft.com/library/cc144101.aspx>
| Note: If any element of the command string contains or might contain
| spaces, it must be enclosed in quotation marks.
~~~~
[...]
> Now, in practical terms... in absence of a plausible risk / attack
> vector, it doesn't sound like much of a security issue (unless you
> adopt the approach advocated on the predecessor of this list by Mr.
> Lemonias).
The plausible risk / attack vector is the same as used/shown in
<http://cwe.mitre.org/data/definitions/428.html>
<http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-enumeration>
<https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464>
JFTR: there is no real difference between vertical and horizontal
privilege escalation.
Stefan
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists