Tuesday, January 23, 2007

Porky The Pig Takes Aim at Visual Studio 6

Microsoft Visual C++ (.RC Resource Files) Local Buffer Overflow Exploit

Microsoft Help Workshop 4.03.0002 (.HPJ) Buffer Overflow Exploit


Am I just crazy, but aren't these just local vulnerabilities?

They both require the user at the system to run or otherwise execute the exploit...against an application which is not accessible remotely (AFAIK).

So why is Secunia calling both of these remote?



Seriously? System access from remote? Am I missing something?

These are local vulnerabilities that an attacker can combined with a remote vulnerability to gain control of your system. That remote vulnerability is the human being.

Even SecurityFocus has the one labeled remote.

Please note that Milw0rm is calling both of these local attacks however.

No comments:

Post a Comment