"Gynvael Coldwind" <[email protected]> wrote: > Correct me if I'm wrong, but the vulnerability can be summarized as: if you > run an untrusted .exe you might execute malicious code?
Amen!

> I hardly see this as giving anything new to the attacker who can just
> create a malicious exe file, set the winrar sfx icon and send it to the
> victim.

That's why giving unsuspecting users *.EXE to install a software package or
to unpack an archive and thus training them to run almost anything they get
their hands on is a BLOODY STUPID idea in the first place.
ALWAYS use the platform's native package or archive formats to distribute
your software or files!

> Keep in mind that not every unexpected behavior or software bug is a
> security vulnerability.
>
> (and no, potential AV bypass doesn't make it a vulnerability either)

Right again.

stay tuned
Stefan

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
