Russian researcher found 0day vulnerability on Windows XP\Vista\7 (doesn't work on Windows 8). This vulnerability has much in common with
CVE-2010-2568 aka MS10-046 (StuxNet used it). At this time we do not know if is it possible to use this vulnerability as an autorun like Stuxnet use lnk-files on usb stick (some people believe it's possible).
The researcher announced only about social engineering way. Attacker must give evil DLL-file to victim and victim must point this DLL-file as source of icons for some folder (see image below):
Video demonstration
CVE-2010-2568 aka MS10-046 (StuxNet used it). At this time we do not know if is it possible to use this vulnerability as an autorun like Stuxnet use lnk-files on usb stick (some people believe it's possible).
The researcher announced only about social engineering way. Attacker must give evil DLL-file to victim and victim must point this DLL-file as source of icons for some folder (see image below):
Video demonstration
Комментариев нет:
Отправить комментарий