I think what's very important to note is that DEP in some cases can SEEM like it saves unprotected systems from this exploit. This is because when one of these files is SERVED via the Internet, it requires RUNDLL32.EXE to help launch the exploit ("In some cases, there are MANY Payloads Possible") so DEP can sense this and stop this, however IF one of these files somehow make it to your hard drive, on uprotected systems, they can LAUNCH without the need of RUNDLL32.exe.
Some may ask "Well How could they make it to the hard drive?", the simple answer is via some kind of Download, for example contained in a .zip or .rar file.
If in fact this happened, the simple ACT of looking at the files contained in the folder which they were located in ("On an uprotected system") can/could launch them, and there is NO requirement for thumbnail view to be on for this to happen.
This is why it is so important to test on unprotected systems both On-Line and Offline.
These test files show this:
http://www.antionline.com/showthread...hreadid=273053
Reply With Quote