> I thought this would've killed the exploit as it killed the process, but when > I sadly hit cancel, I was presented with the payload's result (calc in the > PoC). > I just thought this piece was interesting so I included it. Sorry for any > confusion.
Yes, I understand that part... My point is that the payload result of "calc" would run like that, but if the payload did something else that required admin privileges, it would fail. But I understand your point, and I do find it interesting that the cancel proceeds with the .dll load. That might be something worth looking at in more detail. t _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
