Downloads Folder: A Binary Planting Minefield




This blog post reveals a bit of our research and provides an advance notification of
a largely unknown remote exploit technique on Windows. More importantly, it provides
instructions for protecting your computers from this technique while waiting for the
affected software to correct its behavior.

http://blog.acrossecurity.com/2012/02/downloads-folder-binary-planting.html

or

http://bit.ly/wmq00a

Enjoy the reading!


Mitja Kolsek, CEO / @mkolsek

ACROS, d.o.o.
Makedonska ulica 113, SI - 2000 Maribor, Slovenia
Tel +386.2.3000.280 Fax +386.2.3000.282
Web http://www.acrossecurity.com
Blg http://blog.acrossecurity.com
Twt @acrossecurity

ACROS Security: Finding Your Digital Vulnerabilities Before Others Do




Relevant Pages

  • [Full-disclosure] Downloads Folder: A Binary Planting Minefield
    ... a largely unknown remote exploit technique on Windows. ... ACROS Security: Finding Your Digital Vulnerabilities Before Others Do ...
    (Full-Disclosure)
  • RE: priviledge escalation techniques
    ... the 'c:\program' technique. ... The OS I used was windows XP pro sp2. ... folders are users: read & execute and list (this folder, ... The domain user does not have the privilege to create schedules with the ...
    (Pen-Test)
  • Re: Hijacking the hashes : multiple windows mail clients vulnerability
    ... this technique has been known and discussed ad nauseum for several years, ... Windows 2000 was kicked with a vulnerability that allowed ... >client tried to validate sending the hashes of the user... ... >simply send a html formatted mail message that includes this code: ...
    (Vuln-Dev)
  • Re: Copy Right Protection
    ... | So that technique provides some protection but not total. ... the Windows solution only works for Windows. ... | what images to protect and which images not to protect. ... | make it available for free, but the programmer using codeguru.com was told ...
    (microsoft.public.frontpage.client)
  • Re: How to add a Tk GUI to a C program.
    ... Well, as a matter of fact, we use that technique in several of our ... unless you take measures (you will need to use the Windows API to ... a rapid succession of DOS-boxes, so rapid that the only reasonable ...
    (comp.lang.tcl)