if you email a web page, tipically all files are unzipped when the user double clicks on any .html file
but I still don't see this as something drastically different from double clicking on exe files... On Thu, Sep 2, 2010 at 12:45 AM, coderman <coder...@gmail.com> wrote: > On Wed, Sep 1, 2010 at 2:05 PM, <paul.sz...@sydney.edu.au> wrote: > > The essence of DLL hijacking is to deliver an innocent file together > > with a malicious DLL, in the one directory. Would it be possible to do > > this via email: a ZIP (or similar) archive containing the two files? > > i don't know of a way to do this with ZIP archives. the daemontools / > easycd / related tools which automount ISO and other archive images as > drive letters on the host are vulnerable. autorun on/off may add > insult to injury with such services... > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- HONEY: I want to… put some powder on my nose. GEORGE: Martha, won’t you show her where we keep the euphemism?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/