Re: [Full-disclosure] Binary Planting Goes Any File Type
It's a nice attempt, but no. The social engineering required to pull
that off exceeds what's required to get somebody to download and
execute setup.exe, and we don't call that RCE either.
Hundreds of false bugs are blinding you to probably
10-year-old bug classes are indeed fun to read, though the fun might
be directed at someone as opposed to something.
Even giving it a cool name doesn't make that one a new weakness.
--
http://blog.zoller.lu
Thierry Zoller
Hi Mario -
Actually you *can* launch an executable that way, if you add a couple
more clicks afterwards, or you right click on the file and choose a
non default menu option. It's no more ridiculous than any other social
engineering that requires people to hit a hotkey they probably never
What a list. Perhaps we *should* give up :)
Mitja
On Jul 9, 2011, at 6:59 PM, Tim tim-secur...@sentinelchicken.org wrote:
We haven't, but I like your idea. However, if this is possible via
applet parameters, I would be very disappointed that it hasn't been
found/reported already. Or has
Actually you *can* launch an executable that way, if you add a couple
more clicks afterwards, or you right click on the file and choose a
non default menu option. It's no more ridiculous than any other social
engineering that requires people to hit a hotkey they probably never
heard of and browse
Dan -
It's a nice attempt, but no. The social engineering required to pull
that off exceeds what's required to get somebody to download and
execute setup.exe, and we don't call that RCE either.
What if the target user couldn't download setup.exe due to firewall rules? Both
you and I prefer
Tim,
We haven't, but I like your idea. However, if this is possible via applet
parameters, I would be very disappointed that it hasn't been found/reported
already. Or has everyone already given up on Java security? ;)
Mitja
On Jul 8, 2011, at 9:41 PM, Tim tim-secur...@sentinelchicken.org
We haven't, but I like your idea. However, if this is possible via
applet parameters, I would be very disappointed that it hasn't been
found/reported already. Or has everyone already given up on Java
security? ;)
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jre
We haven't given up,
Dan seems to be on the money here, and remember - if the attacker
can get you to click on their file or open it, you are fscked
anyways.
Hence, it is more so a way to hide your .exe unless I am very
mistaken...
(again, I hope I am doing the CC/BCC
Mitja,
A question/suggestion:
Have you guys tried influencing where the .hotspotrc files are loaded
from by supplying your own System properties (e.g. user.dir)? You
can do this in .jnlp files and probably applet tags as well. This has
allowed for JRE RCE in the past.
If there is a way to
It's a nice attempt, but no. The social engineering required to pull
that off exceeds what's required to get somebody to download and
execute setup.exe, and we don't call that RCE either.
Hundreds of false bugs are blinding you to probably a dozen real bugs.
Likely more. In security as in
Ok, Dan, just for you:
Launch Internet Explorer 9 on Windows 7 (probably other IE/Win works too), go
to File-Open (or press Ctrl+O), browse to Test.html and open it. No
double-clicking and you couldn't launch an executable this way. Better?
Cheers,
Mitja
On Jul 8, 2011, at 9:10 PM, Dan