-
August 12th, 2004, 07:12 AM
#21
Nice response people, but you are too unimaginative. Picture this: anyone heard of .LNK files? A simple LNK file could create a bind shell through this, a bat file too.
AN OVERFLOW IS AN OVERFLOW AND IT NEEDS TO BE ACKNOWLEDGED AND FIXED.
-
August 12th, 2004, 10:08 AM
#22
Go here http://www.securityfocus.com/archive/82/316073 warlock7 and you will see that when this overflow was first found in MARCH 2003!, it was reported to Microsoft and they have deemed it is not a security threat.
Maybe post a little more up-to-date info next time instead of a 500-day exploit?
-
August 12th, 2004, 10:46 AM
#23
I could swear I'd seen a post similar to this one right here on AO.
I had the same kind of discussion then as we do now.
Unfortunately I couldn't find the first post anymore.
Nokia: I think you're confusing a system process in Windows with something like a SUID program on *nix. If the overflow existed in an SUID program you can abuse it to get more privileges. But regsvr32 doesn't raise its privileges so there's nothing to gain. It uses the same privileges as the user invoking the command. If the user has admin privileges, the program, and as a consequence the payload of the overflow, has admin privileges. But if the user already has admin rights, why the hassle of an overflow? That user already has all the power s/he needs to completely nuke the system.
"Nice response people, but you are too unimaginative. Picture this: anyone heard of .LNK files? A simple LNK file could create a bind shell through this, a bat file too."
Yes, you could. But isn't it a lot simpler to just bind that shell directly? Why the hassle of an overflow which can and will misfire (BOs tend to depend on OS version, patch level, language etc.)? Just look at some of the viruses floating around. A lot of them don't even abuse a bug in the system. People will click on anything. Even if you mark your executable with a huge warning label "Running this program will install a backdoor!", people will still click on it to see what will happen.
Oliver's Law:
Experience is something you don't get until just after you need it.