Downloads Folder: A Binary Planting Minefield

From: "ACROS Security Lists" <lists@xxxxxxxx>
Date: Fri, 17 Feb 2012 17:32:47 +0100

This blog post reveals a bit of our research and provides an advance notification of
a largely unknown remote exploit technique on Windows. More importantly, it provides
instructions for protecting your computers from this technique while waiting for the
affected software to correct its behavior.

http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html

or

http://bit.ly/wmq00a

Enjoy the reading!

Mitja Kolsek, CEO / @mkolsek

ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia
Tel +386.2.3000.280 Fax +386.2.3000.282
Web http://www.acrossecurity.com
Blg http://blog.acrossecurity.com
Twt @acrossecurity

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do

Prev by Date: [ MDVSA-2012:021 ] java-1.6.0-openjdk
Next by Date: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Previous by thread: [ MDVSA-2012:021 ] java-1.6.0-openjdk
Next by thread: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] Downloads Folder: A Binary Planting Minefield
... a largely unknown remote exploit technique on Windows. ... ACROS Security: Finding Your Digital Vulnerabilities Before Others Do ...
(Full-Disclosure)
RE: priviledge escalation techniques
... the 'c:\program' technique. ... The OS I used was windows XP pro sp2. ... folders are users: read & execute and list (this folder, ... The domain user does not have the privilege to create schedules with the ...
(Pen-Test)
Re: Hijacking the hashes : multiple windows mail clients vulnerability
... this technique has been known and discussed ad nauseum for several years, ... Windows 2000 was kicked with a vulnerability that allowed ... >client tried to validate sending the hashes of the user... ... >simply send a html formatted mail message that includes this code: ...
(Vuln-Dev)
Re: Copy Right Protection
... | So that technique provides some protection but not total. ... the Windows solution only works for Windows. ... | what images to protect and which images not to protect. ... | make it available for free, but the programmer using codeguru.com was told ...
(microsoft.public.frontpage.client)
Re: How to add a Tk GUI to a C program.
... Well, as a matter of fact, we use that technique in several of our ... unless you take measures (you will need to use the Windows API to ... a rapid succession of DOS-boxes, so rapid that the only reasonable ...
(comp.lang.tcl)