but if you execute a trusted vbs, you would successfully exploit anything wouldnt you ? id would be like running a dll using rundll32.exe my.dll , cept a vbs :s
to me makes no sense, never has, and i know what loadlibrary does, i looked at the implications of theyre advisories, i remember when we were swarmed by about 100 dlls wich were not 'unloaded' rproperly... lol... ok anyhow, this makes no sense, executing a trusted vbs is 'script' many viruses have been named .vbs and run vb script...right? so why would we need news on this... xd On 3 September 2011 07:53, Nahuel Grisolia <[email protected]> wrote: > List, > > On 09/02/2011 06:45 PM, root wrote: > > You don't get the worst part: unsuccessful exploitation also leads to > > code execution. > > Scary stuff. > > > > On 09/02/2011 05:05 PM, Mario Vilas wrote: > >> Are you guys seriously reporting that double clicking on a malicious > .vbs > >> file could lead to remote code execution? :P > >> > >> Either I'm missing something (and I'd welcome a rebuttal here!) or you > might > >> as well add .exe to that list. All those extensions are already > executable. > > I think that they're talking about that executing a trusted vbs could > lead to the execution of malicious code. > > :S > > regards, > -- > Nahuel Grisolia - C|EH > Information Security Consultant > Bonsai Information Security Project Leader > http://www.bonsai-sec.com/ > (+54-11) 4777-3107 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
