Vulnerability in Windows Shell Could Allow Remote Code Execution


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 23/7/2010, 10:59

Actually Malware Defender does block both methods, even the browse method. You just simply configure MD to block explorer.exe from loading DLLs.

That said, I find this PoC strange because I can only get it to work once; if I do it again for a second time nothing happens, no results on DebugView, nothing.

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Sadeghi85 on 23/7/2010, 11:12

You need to delete IconCache.db or rename the lnk file, according to this comment on Didier's blog.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 23/7/2010, 11:46

Thanks Sadeghi85, have now tested again. MD blocks.






Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by ssj100 on 23/7/2010, 12:02

arran wrote: Actually Malware Defender does block both methods, even the browse method. You just simply configure MD to block explorer.exe from loading DLLs.

That said, I find this PoC strange because I can only get it to work once; if I do it again for a second time nothing happens, no results on DebugView, nothing.

That's exactly right, Malware Defender can be easily configured to block this exploit, and so can CIS, OA, and any other Classical HIPS out there really. However, my testing was clearly documented - default configurations only haha. To be fair, I actually wrote for each Classical HIPS that they should be able to be configured to block the exploit. After all, it's just loading a DLL file. As I said, even 10 year old technology blocks it easily (SRP).

And yes, thanks for posting that piece of information here Sadeghi85.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 23/7/2010, 19:32

Not sure disallowing explorer.exe from loading DLLs is a feasible workaround. Take a look at this debug log from simply opening Control Panel:

Code:


Explorer.EXE        dsquery.dll          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        DEVMGR.DLL          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        bthprops.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\bthprops.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\firewall.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "xpsp2res.dll"
Explorer.EXE        DEVMGR.DLL          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        irprops.cpl          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\irprops.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\netsetup.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\nwc.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\wuaucpl.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\netsetup.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\netsetup.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\firewall.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "xpsp2res.dll"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\firewall.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "xpsp2res.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\netsetup.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\netsetup.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\wuaucpl.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\wuaucpl.cpl"
Explorer.EXE        SHLWAPI.dll          LoadLibraryW:  failed    flags: -  lib: "advapi32.dll"


Explorer.exe needs to be able to call LoadLibrary as a part of normal OS operation.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 23/7/2010, 20:51

Version 1.0.35.99 has been released, which mitigates the vulnerability.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Ruhe on 23/7/2010, 21:30

.lnk vulnerability in Windows: Attack wave approaches

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Buster_BSA on 23/7/2010, 21:47

Page 48 of the official documentation for the LNK format:

4 Security

None.

That's right. None security, just a big hole there. lol!

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 23/7/2010, 23:18

Hilarious oversight.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by ssj100 on 24/7/2010, 02:50

Zero_One wrote: Not sure disallowing explorer.exe from loading DLLs is a feasible workaround. Take a look at this debug log from simply opening Control Panel:



Explorer.exe needs to be able to call LoadLibrary as a part of normal OS operation.

You're right, but the thing about Classical HIPS is that you can configure it so that it learns all normal and safe operations. Unfortunately, this takes time to do, and is certainly not for the average user.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 24/7/2010, 03:05

ssj100 wrote:
arran wrote: Actually Malware Defender does block both methods, even the browse method. You just simply configure MD to block explorer.exe from loading DLLs.

That said, I find this PoC strange because I can only get it to work once; if I do it again for a second time nothing happens, no results on DebugView, nothing.

That's exactly right, Malware Defender can be easily configured to block this exploit, and so can CIS, OA, and any other Classical HIPS out there really. However, my testing was clearly documented - default configurations only haha. To be fair, I actually wrote for each Classical HIPS that they should be able to be configured to block the exploit. After all, it's just loading a DLL file. As I said, even 10 year old technology blocks it easily (SRP).

But with all due respect, there is no point in testing something with default configurations; all HIPS need configuring, just like firewalls need configuring as well, or there is no point in having them installed.

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 24/7/2010, 03:09

Default configurations are the most widely used amongst 'normal' users. If a solution is vulnerable in a default config, many people would be left vulnerable. Configuring a solution for every vulnerability is something you can't get the masses to do; ours blocks it in the default config for that reason. Just my 2 cents.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by ssj100 on 24/7/2010, 03:16

arran wrote:
ssj100 wrote:
arran wrote: Actually Malware Defender does block both methods, even the browse method. You just simply configure MD to block explorer.exe from loading DLLs.

That said, I find this PoC strange because I can only get it to work once; if I do it again for a second time nothing happens, no results on DebugView, nothing.

That's exactly right, Malware Defender can be easily configured to block this exploit, and so can CIS, OA, and any other Classical HIPS out there really. However, my testing was clearly documented - default configurations only haha. To be fair, I actually wrote for each Classical HIPS that they should be able to be configured to block the exploit. After all, it's just loading a DLL file. As I said, even 10 year old technology blocks it easily (SRP).

But with all due respect, there is no point in testing something with default configurations; all HIPS need configuring, just like firewalls need configuring as well, or there is no point in having them installed.

For a purist like you, sure there is no point in having them installed haha. But, for the average user running CIS, OA, or even MD, they may not have the knowledge, time or care to configure things "properly". And trust me, there are thousands and thousands of people out there using the "default configuration" of CIS, OA, MD etc.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 24/7/2010, 03:25

Zero_One wrote: Not sure disallowing explorer.exe from loading DLLs is a feasible workaround. Take a look at this debug log from simply opening Control Panel:



Explorer.exe needs to be able to call LoadLibrary as a part of normal OS operation.

Why wouldn't it be a feasible workaround? You just create a whitelist of DLLs that each app is allowed to run, like I have done with MD, and my system runs very smoothly.
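Added example (not part of the original posts): the learn-then-enforce whitelisting discussed above, applied to the log format Zero_One posted. The baseline lines are a subset of that log; the observed lines, the `E:\` path and all function names are constructed for illustration.

```python
import re
from collections import Counter

# One log line: process, calling module, API, status, flags, requested library.
LINE_RE = re.compile(
    r'^(?P<process>\S+)\s+(?P<caller>\S+)\s+(?P<api>LoadLibrary\w*):\s+'
    r'(?P<status>\S+)\s+flags:\s+(?P<flags>\S+)\s+lib:\s+"(?P<lib>[^"]*)"\s*$'
)

# Baseline ("learning mode"): a subset of the Control Panel log from the thread.
BASELINE_LOG = r'''
Explorer.EXE        dsquery.dll          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        DEVMGR.DLL          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        bthprops.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\bthprops.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\firewall.cpl"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "xpsp2res.dll"
Explorer.EXE        DEVMGR.DLL          LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
Explorer.EXE        SHLWAPI.dll          LoadLibraryW:  failed    flags: -  lib: "advapi32.dll"
'''

# Constructed observation: two loads seen in the baseline plus one that is not.
OBSERVED_LOG = r'''
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "C:\WINDOWS\system32\firewall.cpl"
Explorer.EXE        SHELL32.dll          LoadLibraryW:  failed    flags: -  lib: "E:\payload.rzi"
Explorer.EXE        firewall.cpl        LoadLibraryW:  failed    flags: -  lib: "comctl32.dll"
'''


def parse(log_text):
    """Return (process, caller, lib) tuples, lower-cased, one per matching line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["process"].lower(), m["caller"].lower(), m["lib"].lower()))
    return events


def learn(log_text):
    """Build the allow-list: every distinct load seen during the baseline run."""
    return set(parse(log_text))


def unexpected(allow, log_text):
    """Loads in log_text that the allow-list does not cover, in log order."""
    return [event for event in parse(log_text) if event not in allow]


def rules_per_caller(allow):
    """How many allow-list entries each calling module needs."""
    return Counter(caller for _process, caller, _lib in allow)


if __name__ == "__main__":
    allow = learn(BASELINE_LOG)
    print(len(allow), "rules learned;", dict(rules_per_caller(allow)))
    for event in unexpected(allow, OBSERVED_LOG):
        print("not in allow-list:", event)
```

Nine baseline lines already produce eight distinct rules for one Control Panel visit, which is the maintenance cost both sides of the thread are arguing about.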

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by ssj100 on 24/7/2010, 03:30

I think Zero_One's point is that (and he's implied this already) it's not feasible for the masses.

It's well known that Classical HIPS can block just about anything out there if configured accordingly - as you stated before, you can even configure MD to prevent the creation of any new file - that would (also) easily block this exploit (since the exploit's files wouldn't be able to get on to the system in the first place).


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 24/7/2010, 03:32

Yes, that's right, you can also just block the creation of new DLL files.

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by ssj100 on 24/7/2010, 03:36

arran wrote: Yes, that's right, you can also just block the creation of new DLL files.

Not sure how comprehensive that would be for the purist though haha. I'm sure the exploit would be able to propagate via other types of executable code (not just DLL files).


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 24/7/2010, 03:44

^ beat me to it. File extension doesn't matter, just reconfigured the shortcut and DLL to check.

shortcut: test.lnk
payload: payload.rzi

payload.rzi is still a DLL with a renamed extension; most of the malware out there is utilizing .tmp extensions instead of .dll.

LoadLibrary will attempt to load any library passed to it. As long as the DLL itself is proper, it'll load.

Blocking LoadLibrary is the key, as long as you block that, you'll be set. If you can block calls from shell32.dll -> explorer.exe that would be a more specific approach that would still eliminate the vuln.

I have a reconfigured dll that pops up a message box instead of sending debug messages, makes it easier to test if anyone is interested (it's harmless of course).

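Added example (not part of the original posts): since the extension says nothing about whether a file can be loaded as a library, a defender's check has to read the file header instead. This Python sketch flags files whose PE header carries the DLL characteristic but whose extension is not a usual library extension; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: image is a DLL
# Assumption: extensions under which library images are normally expected.
EXPECTED_EXTS = {".dll", ".cpl", ".ocx", ".drv"}


def is_pe_dll(path):
    """True if the file starts with a PE image whose header marks it as a DLL."""
    try:
        with open(path, "rb") as f:
            dos = f.read(0x40)
            if len(dos) < 0x40 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            f.seek(e_lfanew)
            nt = f.read(24)  # "PE\0\0" signature + 20-byte COFF file header
    except OSError:
        return False
    if len(nt) < 24 or nt[:4] != b"PE\0\0":
        return False
    (characteristics,) = struct.unpack_from("<H", nt, 22)
    return bool(characteristics & IMAGE_FILE_DLL)


def find_disguised_dlls(root):
    """Relative paths of DLL images under root that lack a library extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext not in EXPECTED_EXTS and is_pe_dll(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def make_stub(characteristics):
    """Constructed test data: a bare DOS + PE/COFF header, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff


def demo():
    """Build a constructed directory and return the files that get flagged."""
    samples = {
        "payload.rzi": make_stub(0x2102),   # DLL header, renamed extension
        "cache.tmp": make_stub(0x2102),     # DLL header behind .tmp
        "library.dll": make_stub(0x2102),   # DLL with its usual extension
        "tool.exe": make_stub(0x0102),      # executable, DLL bit clear
        "notes.tmp": b"plain text, not an image\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return find_disguised_dlls(root)


if __name__ == "__main__":
    print(demo())
```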

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 24/7/2010, 04:47

Zero_One wrote: ^ beat me to it. File extension doesn't matter, just reconfigured the shortcut and DLL to check.

shortcut: test.lnk
payload: payload.rzi

payload.rzi is still a DLL with a renamed extension; most of the malware out there is utilizing .tmp extensions instead of .dll.

LoadLibrary will attempt to load any library passed to it. As long as the DLL itself is proper, it'll load.


So are you saying that if you rename the PoC file to payload.rzi it still acts as a DLL?

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 24/7/2010, 04:48

If you change the 'suckme.lnk' to point to payload.rzi, yes. Just changing the dll extension wouldn't work as the .lnk points specifically to dll.dll.

You can simply use a hex editor to change the .lnk to point to any filename you wish (must be a library).


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by ssj100 on 24/7/2010, 07:39

Zero_One wrote: I have a reconfigured dll that pops up a message box instead of sending debug messages, makes it easier to test if anyone is interested (it's harmless of course).

Please PM me this reconfigured POC. Thanks.


Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by arran on 24/7/2010, 08:25

Can you also please send it to me? I don't know how to use a hex editor.

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Buster_BSA on 24/7/2010, 14:20

arran wrote: Can you also please send it to me? I don't know how to use a hex editor.

It's more about knowing ASM than how to use a hex editor.

Hex editors are used (among other things) to change byte sequences, but if you don't know what to change then it's useless.

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by aigle on 25/7/2010, 07:43

Hi ssj100! Nice testing indeed. Can you test ThreatFire too? Thanks.

Re: Vulnerability in Windows Shell Could Allow Remote Code Execution

Post by Zero_One on 25/7/2010, 08:51

Would be nice to see some of the more mainstream AV products tested too.

