Re: [Full-disclosure] Downloads Folder: A Binary Planting Minefield

The #1 item on your list of countermeasures should be to advise people to
not run with admin privileges in general and especially when surfing the
web. Your #5 item seems risky to me because the executable won't be updated
if Microsoft issues a patch.



-----Original Message-----
From: ACROS Security Lists [mailto:lists@xxxxxxxx]
Sent: Friday, February 17, 2012 1:33 PM
To: bugtraq@xxxxxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx;
Subject: Downloads Folder: A Binary Planting Minefield

This blog post reveals a bit of our research and provides an advance
notification of a largely unknown remote exploit technique on Windows. More
importantly, it provides instructions for protecting your computers from
this technique while waiting for the affected software to correct its


Enjoy the reading!

Mitja Kolsek, CEO / @mkolsek

ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia Tel +386.2.3000.280 Fax
+386.2.3000.282 Web Blg Twt @acrossecurity

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -