Windows security has always been pockmarked

On 4/1/07, George Ou <[EMAIL PROTECTED]> wrote:
"[EMAIL PROTECTED] said: http://www.milw0rm.com/exploits/3634 str0ke told me to test this one and no miracle, it works under Vista and the default DEP settings don't catch it."

Default DEP settings in Windows XP or Vista are worthless since it's off for all applications including IE7. I tested with DEP always-on and it crashed IE7 and the exploit failed.

Note that when you manually launch an HTML from your hard drive, Protected Mode is turned off because your HDD is considered a trusted source, whereas the public Internet is not. If I had tried to browse a webpage with this exploit, Protected Mode would have been turned on. I also had to manually bypass the ActiveX warning to get the exploit to run, and even then it crashed with my fully-on DEP settings with hardware enforcement.

I don't really feel like turning off my DEP settings on my Vista machine, though I have a feeling that UAC would prevent it from rooting my system, though it could probably damage my files if it were coded to do that. But I had to go out of my way to get this exploit to run by manually downloading the zip and manually enabling the ActiveX control just to get it to crash my browser.

So I think it's fair to say that hardware-enforced, fully-enabled DEP will defeat the ANI exploit (in its current generic state) all by itself. Protected Mode would also have mitigated the ANI exploit to a low-risk state that is non-persistent as soon as IE is closed. So with Protected Mode turned off and DEP not fully enabled (or missing NX hardware), the ANI exploit would be able to compromise the local user profile and data, but it would still need to get around UAC if it wants to put a backdoor in Vista.

George

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com