Re: Windows Vista winsat.exe Integer Overflow



On Fri, 28 Mar 2008 23:03:55 EDT, Steve Shockley said:

You'd still have to convince the user to bypass UAC when he wasn't
expecting a UAC prompt, in addition to getting them to run it in the
first place.

Experience has proved that neither of these should be all that difficult
for an attacker - an incredibly large percentage of users will go ahead and
run a .exe, clicking through multiple security warnings, if it promises to
do something interesting (usually having to do with somebody famous wearing
too little clothing while misbehaving...)

Attachment: pgpifSHbqMHUh.pgp
Description: PGP signature