Re: More on Shatter

From: Darryl Luff (darrylat_private)
Date: Sun Aug 25 2002 - 10:00:44 PDT


    HalbaSus wrote:
    
    >I don't want to be rude but... we're talking about a win32 local exploit here 
    >!!!!
    >
    ...
    
    >3. As long as someone needs physical access for this it's not really such a 
    >serious problem.. usually when someone has physical access to a computer he 
    >can do mostly whatever he/she wants. Without using exploits...
    >
    You don't have to have physical access to run 'local' attacks, you just 
    need to get your code onto the system and run it. There are any number 
    of well-known ways of doing that. So the problem is whether the context 
    your injected code or command line runs in has a privileged window 
    available to it or not.
    
    I'd find it hard to believe that IIS doesn't have at least one 
    privileged hidden window running. But are they accessible to injected code?
    
    I agree that if you have physical access you've won, but just because 
    you don't have physical access doesn't mean you've lost.
    
    >4. And probably the most important reason: Shatter is one of those mostly 
    >harmless yet very neat exploits that you can impress your friends with... or 
    >
    ....
    
    I don't think it can be called harmless, and I think that the more 
    people poke around with the available windows messages, the more 
    interesting possibilities will emerge.
    



    This archive was generated by hypermail 2b30 : Sun Aug 25 2002 - 11:12:14 PDT