Bugtraq: Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-disclosure] Next generation malware: Windows Vista's gadget API

From: Tim Brown <tmb () 65535 com>
Date: Mon, 17 Sep 2007 13:43:35 +0100

On Monday 17 September 2007 13:26:36 Roger A. Grimes wrote:

I'm sorry, we'll have to agree to disagree. I don't see the new attack
vector here. I, the attacker, have to make you download my malicious
trojan program, which you install on your computer.


Irrespective of the rest of what Roger says (which I agree with FTR), this bit 
is simply wrong.  Look at the PoC that has been made public:

https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048

It's not (just) about downloading malware gadgets.  It's about exploiting 
vulnerabilities *in* gadgets (the default gadgets in Vista, in the case of 
the PoC).  Essentially anywhere a gadget calls for example eval() on 
untrusted data you *may* have a a problem.

Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>

By Date By Thread

Current thread:

Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API, (continued)