Full Disclosure: Next generation malware: Windows Vista's gadget API

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Next generation malware: Windows Vista's gadget API

From: Tim Brown <tmb () 65535 com>
Date: Thu, 13 Sep 2007 10:16:37 +0100

A paper has just been released on the Windows Vista's gadget API.  The 
abstract is as follows:

Windows has had the ability to embed HTML into it’s user interface for many 
years. Right back to and including Windows NT 4.0, it has been possible to 
embed HTML into the task bar, but the OS has always maintained a sandbox, 
from which the HTML has been unable to escape. All this changes with Windows 
Vista. This paper seeks to inform system administrators, users and the
wider community on both potential attack vectors using gadgets and the 
mitigations provided by Windows Vista.

The full paper can be found at http://www.portcullis-security.com/165.php.

Cheers,
Tim
-- 
Tim Brown
<mailto:tmb () 65535 com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Next generation malware: Windows Vista's gadget API Tim Brown (Sep 13)
- Re: Next generation malware: Windows Vista's gadget API Todd Manning (Sep 13)
- Message not available
  - Re: Next generation malware: Windows Vista's gadget API avivra (Sep 14)
- Re: Next generation malware: Windows Vista's gadget API Roger A. Grimes (Sep 16)
  - Re: Next generation malware: Windows Vista's gadget API Peter Gutmann (Sep 16)
    - Re: Next generation malware: Windows Vista's gadget API Tim Brown (Sep 15)