Re: [Full-disclosure] Binary Planting Goes "Any File Type"



Ok, Dan, just for you:

Launch Internet Explorer 9 on Windows 7 (probably other IE/Win works too), go to File->Open (or press Ctrl+O), browse to Test.html and open it. No double-clicking and you couldn't launch an executable this way. Better?

Cheers,
Mitja

On Jul 8, 2011, at 9:10 PM, Dan Kaminsky <dan@xxxxxxxxxxx> wrote:

And here's where your exploit stops being one:

===
Suppose the current version of Apple Safari (5.0.5) is our default web
browser. If we put the above files in the same directory (on a local
drive or a remote share) and double-click Test.html, what happens is
the following:
===

At this point, Test.html might actually be test.exe with the HTML icon
embedded. Everything else then is unnecessary obfuscation -- code
execution was already possible the start by design.

This is a neat vector though, and it's likely that with a bit more
work it could be turned into an actual RCE.

On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists <lists@xxxxxxxx> wrote:

We published a blog post on a nice twist to binary planting which we call "File
Planting." There'll be much more of this from us in the future, but here's the first
sample for you to (hopefully) enjoy.

http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html

or

http://bit.ly/nXmRFD


Best regards,

Mitja Kolsek
CEO&CTO

ACROS, d.o.o.
Makedonska ulica 113
SI - 2000 Maribor, Slovenia
tel: +386 2 3000 280
fax: +386 2 3000 282
web: http://www.acrossecurity.com
blg: http://blog.acrossecurity.com

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages