Full Disclosure
mailing list archives
Re: More information on ZERT patch for ANI 0day
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 2 Apr 2007 13:10:56 -0500 (CDT)
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
> Gadi Evron wrote:
>> Although eEye has released a third-party patch that will prevent the
>> latest exploit from working, it doesn't fix the flawed copy routine. It
>> simply requires that any cursors loaded must reside within the Windows
>> directory (typically C:\WINDOWS\ or C:\WINNT\). This approach should
>> successfully mitigate most "drive-by's," but might be bypassed by an
>> attacker with access to this directory.
>
> I'm thinking that an attacker with write access to %systemroot% probably
> has juicier, simpler targets to attack (which potentially let them run
> code in a higher security context) than animated cursors.

http://www.milw0rm.com/exploits/3636

> - James.
> --
> James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
> "All at sea again / And now my hurricanes
> Have brought down this ocean rain / To bathe me again"
> https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/