On Tue, Aug 31, 2010 at 5:15 PM, Dan Kaminsky <d...@doxpara.com> wrote:
>
> Again, the clicker can't differentiate word (the document) from word (the
> executable). The clicker also can't differentiate word (the document) from
> word (the code equivalent script).
>
> The security model people keep presuming exists, doesn't.
>
> Even the situation whereby a dll is dropped into a directory of documents --
> the closest to a real exploit path there is -- all those docs can be
> repacked into executables.
>

What? I can differentiate my coolProposal.doc from msword.exe just fine..

If your statement is that the Windows defaults should be changed, including the "hide extensions" default, then I wholeheartedly agree as I detailed in my first post. It's the first thing I turn off. Many people who think the same way have considered that a vulnerability in Windows for years; I wouldn't consider it part of the "DLL Hijacking" fiasco.

Cheers,
Charles

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/