> Exploiting this issue requires the ability to overwrite
> existing files which have a trusted or non-existent ZoneID.
> Right now there is no known way to achieve this in an attack
> mounted from the Internet.

Ok. So if I have the ability to do that, isn't it safe to say that I already control the box?

> Vendor status
> -------------
> heise Security has notified Microsoft about both issues on
> August 12. Microsoft Security Response Center
> responded:
>
> "We have investigated your report, as we do with all reports,
> however in this case, we don't see these issues as being in
> conflict with the design goals of the new protections. We are
> always seeking improvements to our security protections and
> this discussion will certainly provide additional input into
> future security features and improvements, but at this time
> we do not see these as issues that we would develop patches
> or workarounds to address."

I'm inclined to agree with them. I see the potential for problems as you have pointed out, but I guess I need a little help in understanding how this could ever be more than a theoretical vulnerability. Could you perhaps elaborate and maybe toss in a hypothetical situation or two to help me see what you're driving at?

--
Jonathan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
