full-disclosure-uk July 2011 archive

Re: [Full-disclosure] Binary Planting Goes "Any File Type"

From: <anonymous-tips_at_nospam>
Date: Fri Jul 08 2011 - 19:18:50 GMT
To: security@acrossecurity.com, dan@doxpara.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan seems to be on the money here, and remember - if the attacker
can get you to click on their file or open it, you are fscked
anyways.

Hence, it is more so a "way to hide your .exe" unless I am very
mistaken...

(again, I hope I am doing the CC/BCC thing right, call me on it if
I ain't)

On Fri, 08 Jul 2011 20:10:31 +0100 Dan Kaminsky <dan@doxpara.com>
wrote:
>And here's where your exploit stops being one:
>
>===
>Suppose the current version of Apple Safari (5.0.5) is our default web
>browser. If we put the above files in the same directory (on a local
>drive or a remote share) and double-click Test.html, what happens is
>the following:
>===
>
>At this point, Test.html might actually be test.exe with the HTML icon
>embedded. Everything else then is unnecessary obfuscation -- code
>execution was already possible from the start by design.
>
>This is a neat vector though, and it's likely that with a bit more
>work it could be turned into an actual RCE.
>
>On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists
><lists@acros.si> wrote:
>>
>> We published a blog post on a nice twist to binary planting which we call "File
>> Planting." There'll be much more of this from us in the future, but here's the first
>> sample for you to (hopefully) enjoy.
>>
>> http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html
>>
>> or
>>
>> http://bit.ly/nXmRFD
>>
>>
>> Best regards,
>>
>> Mitja Kolsek
>> CEO&CTO
>>
>> ACROS, d.o.o.
>> Makedonska ulica 113
>> SI - 2000 Maribor, Slovenia
>> tel: +386 2 3000 280
>> fax: +386 2 3000 282
>> web: http://www.acrossecurity.com
>> blg: http://blog.acrossecurity.com
>>
>> ACROS Security: Finding Your Digital Vulnerabilities Before Others Do
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

-----END PGP SIGNATURE-----
