Full Disclosure: Re: Internet Explorer 7 - Still Spyware Writers' Heaven

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Internet Explorer 7 - Still Spyware Writers' Heaven

From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Fri, 3 Nov 2006 21:25:38 -0500

On 11/2/06, Roger A. Grimes wrote:

So, if you're statement is accurate that malware would need to be placed
in a directory identified by the PATH statement, we can relax because
that would require Administrator access to pull off. Admin access would
be needed to modify the PATH statement appropriately to include the
user's desktop or some other new user writable location or Admin access
would be needed to copy a file into the locations indicated by the
default PATH statement.


It would not require *administrator* access--non-administrator users
can still add things to their own PATHs, just not to the universal,
system PATH. (See Control Panel > System > Advanced > Environment
Variables.)

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Internet Explorer 7 - Still Spyware Writers' Heaven avivra (Nov 01)
- Re: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes (Nov 02)
  - Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan (Nov 03)
    - Re: Internet Explorer 7 - Still Spyware Writers' Heaven Thierry Zoller (Nov 04)
    - Re: Internet Explorer 7 - Still Spyware Writers' Heaven Joshua Gimer (Nov 05)
    - Re: Internet Explorer 7 - Still Spyware Writers' Heaven Eliah Kagan (Nov 04)
    - Re: Internet Explorer 7 - Still Spyware Writers' Heaven Roger A. Grimes (Nov 06)