Re: [Full-disclosure] More information on ZERT patch for ANI 0day
- From: Gadi Evron <ge@xxxxxxxxxxxx>
- Date: Mon, 2 Apr 2007 13:10:56 -0500 (CDT)
On Mon, 2 Apr 2007, James (njan) Eaton-Lee wrote:
> Gadi Evron wrote:
>> Although eEye has released a third-party patch that will prevent the
>> latest exploit from working, it doesn't fix the flawed copy routine. It
>> simply requires that any cursors loaded must reside within the Windows
>> directory (typically C:\WINDOWS\ or C:\WINNT\). This approach should
>> successfully mitigate most "drive-by's," but might be bypassed by an
>> attacker with access to this directory.
>
> I'm thinking that an attacker with write access to %systemroot% probably
> has juicier, simpler targets to attack (which potentially let them run
> code in a higher security context) than animated cursors.

http://www.milw0rm.com/exploits/3636

> - James.
> --
> James (njan) Eaton-Lee | UIN: 10807960 | http://www.jeremiad.org
> "All at sea again / And now my hurricanes
> Have brought down this ocean rain / To bathe me again"
> https://www.bsrf.org.uk | ca: https://www.cacert.org/index.php?id=3
--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/