0-day in Windows XP \ Vista \ 7

Habr user 0xA0 found a 0-day in Windows XP \ Vista \ 7 (it does not work in Windows 8).
This article was written with the permission of 0xA0, who could not post it here himself because of low karma at the time.
Apparently, this is an echo of the CVE-2010-2568 vulnerability that died down in 2010 (it was also covered on Habr) and was actively used by the well-known Stuxnet. The essence of the bug is that when a DLL file is accessed, the operating system executes code from the library itself instead of reading resources from it. In general, the description is indeed very similar to that of CVE-2010-2568. However, the author could not find a way to exploit the vulnerability remotely, as Stuxnet did, and the only known vector is social engineering: the user has to be tricked into supposedly changing a folder icon to an icon from a DLL file sent to them.

Video demonstration of the vulnerability in use:

In the example shown in the video, the command line opens when the DLL is accessed.
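
A triage check for the social-engineering vector described above, as an added example that is not part of the original article: Windows stores a folder's custom icon in that folder's desktop.ini under [.ShellClassInfo], so a folder whose icon was taken from a DLL outside the Windows directory can be found by reading that file. The trusted-prefix list, the function names and the sample data are assumptions made for this example.

```python
import configparser
import ntpath

# File types that expose icon resources but can also carry executable code.
CODE_EXTS = {".dll", ".exe", ".cpl", ".ocx", ".scr"}
# Assumption: stock Windows icon libraries live under the Windows directory.
TRUSTED_PREFIXES = ("%systemroot%\\", "%windir%\\", "c:\\windows\\")

def icon_path(desktop_ini_text):
    """Return the icon file named in [.ShellClassInfo], or None."""
    # interpolation=None: values such as %SystemRoot% are not configparser syntax.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(desktop_ini_text)
    except configparser.Error:
        return None
    if not cp.has_section(".ShellClassInfo"):
        return None
    section = cp[".ShellClassInfo"]
    value = section.get("IconResource") or section.get("IconFile")
    if not value:
        return None
    path, sep, index = value.rpartition(",")
    # IconResource is "path,index"; IconFile is a bare path.
    if sep and index.strip().lstrip("-").isdigit():
        return path.strip()
    return value.strip()

def is_suspicious(path):
    """True when the icon comes from a code-bearing file outside the Windows directory."""
    if not path:
        return False
    p = ntpath.normpath(path.lower())  # also collapses ..\ traversal
    if ntpath.splitext(p)[1] not in CODE_EXTS:
        return False  # .ico and similar are plain image data
    return not p.startswith(TRUSTED_PREFIXES)

# Constructed samples: folder path -> contents of its desktop.ini.
SAMPLES = {
    r"C:\Users\bob\Music": "[.ShellClassInfo]\nIconResource=%SystemRoot%\\system32\\imageres.dll,-108\n",
    r"C:\Users\bob\Photos": "[.ShellClassInfo]\nIconFile=folder.ico\nIconIndex=0\n",
    r"C:\Users\bob\Invoices": "[.ShellClassInfo]\nIconResource=C:\\Users\\bob\\Downloads\\icons.dll,0\n",
}

def flagged(samples):
    """Folders whose icon points at a code-bearing file outside the Windows directory."""
    return sorted(f for f, text in samples.items() if is_suspicious(icon_path(text)))
```

A hit means only that the folder icon is loaded from a user-supplied binary; the referenced file still has to be examined.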

Source: https://habr.com/ru/post/163409/