Re: Microsoft Firewall vs ????

Rat River Cemetary wrote:

Sebastian G. wrote:

Or not willing to waste my time on trivial things that I consider being easy enough for you to figure it out on your own. As if I would care what you're thinking of me...

Here's what my man on the inside has to say to you. Loon!


See below for the obvious reasons why I don't care for the opinions of idiots...

"Neither the batch commands, nor the .c programs are remote exploits of a firewall.


I never claimed a remote exploit.

The batch files just seems to copy prefs.js around the system,


Bull***. It reads the context of a file, puts in into a URL and writes to prefs.js to set it as the default homepage. The next time the user starts up Firefox, the homepage is surfed to, and the data are transmitted this way.

it doesn't attain Admin from a limited user nor does it execute code on remote sysems, so it's not an exploit. Ditto for the .c programs, they just send messages to other windows, windows is designed to allow that. That is not demostration of a remote exploit or local privilege escalation exploit.


But it is an exploit against the application security feature of personal firewalls.

Also, in Vista you can't send a high integrity process (admin services and programs with admin privileges) a message from a lower integrity processes, like say medium integrity (non-UAC prompting programs) processes or low integrity processes (sandboxed programs like IE7).


Wrong as well. Clipboard commands, NetDDE and COM+ Remoting are allowed, also Named Pipes, Mailslots, Shared Sections, BaseNameObjects, JobObjects etc. are shared.

What you asked about is Vista, and these are not Vista exploits."


Never claimed those to be Vista exploits, even though they work quite well under Vista.
.

Loading