>DLL Hijacking is highly effective in combination with use of Social Engineering Toolkit.
Isn't *any* mechanism for code execution going to be effective with the use of social engineering? I mean, isn't that what we've known for years, that the weakest component of any security system is the users? -- Rohit Patnaik On Wed, Sep 8, 2010 at 3:36 AM, YGN Ethical Hacker Group <li...@yehg.net>wrote: > A vulnerability is a vulnerability. > A SQL Injection is a type of Vulnerability. > For each type of Vulnerability, there will be thousands of web > applications that might be vulnerable to it. > DLL Hijacking is same. > > We do each post rather than a list so that security vulnerability news > site can get required detailed information > as possible. > > If you don't want it, set filter for each post subject with "DLL > Hijacking" or from our email. > > We can't underestimate such an easy flaw that leads to system > compromise or command execution under user' privilege. > > Disabling remote share/WebDav is not a solution to DLL Hijacking at all. > > DLL Hijacking is highly effective in combination with the use of > Social Engineering Toolkit. > > > > > On Tue, Sep 7, 2010 at 2:28 PM, Christian Sciberras <uuf6...@gmail.com> > wrote: > > I'm getting a bit tired of throwing away these "security advisories". > > > > Really, someone should install a whole load of popular applications, > ensure > > any of them load their own files, and finally, thanks to a mass > dependency > > check, ensure DWM is being loaded at runtime. > > > > At least, it would be just one email/thread to trash. > > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/