2007-09-17 06:13:23
By Tim Brown
Roger said:
I'm sorry, we'll have to agree to disagree. I don't see the new attack vector here. I, the attacker, have to make you download my malicious trojan program, which you install on your computer.
Irrespective of the rest of what Roger says (which I agree with FTR), this bit is simply wrong. Look at the PoC that has been made public.
It's not (just) about downloading malware gadgets. It's about exploiting vulnerabilities *in* gadgets (the default gadgets in Vista, in the case of the PoC). Essentially anywhere a gadget calls for example eval() on untrusted data you may have a problem.
Mood: Bored
Music: Nothing playing right now
You are unknown, comment