
RE: Windows Vista winsat.exe Integer Overflow



> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx
> [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of
> Valdis.Kletnieks@xxxxxx
> Sent: Sunday, March 30, 2008 8:52 PM
> To: Steve Shockley
> Cc: vuln-dev@xxxxxxxxxxxxxxxxx
> Subject: Re: Windows Vista winsat.exe Integer Overflow
> 
> On Fri, 28 Mar 2008 23:03:55 EDT, Steve Shockley said:
> 
> > You'd still have to convince the user to bypass UAC when he wasn't
> > expecting a UAC prompt, in addition to getting them to run it in the
> > first place.
> 
> Experience has proved that neither of these should be all that
> difficult for an attacker - an incredibly large percentage of users
> will go ahead and run a .exe, clicking through multiple security
> warnings, if it promises to do something interesting (usually having to
> do with somebody famous wearing too little clothing while
> misbehaving...)

Right - however, by default, you only get the UAC "prompt for consent"
when you are *already* running as admin.  A normal user would have to
input the administrator username and password to continue the
installation.  Of course you can require even the administrator to enter
username and password, and can even make non-administrative requests for
elevation automatically fail. 

So, if you have someone who is going to run as administrator anyway,
download the untrusted .exe, execute it, and then confirm the execution
of the program without concern for what happens, we can't really fault
the OS for that at this point in the game.

t
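
The elevation-prompt behaviours described in the message above map to UAC policy values in the registry. The following audit script is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function name `Get-UacPromptPolicy` and the "stricter option" labels are illustrative choices.

```powershell
# Added example: report the local UAC elevation-prompt policy.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Meanings of the policy values as documented by Microsoft.
$AdminModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
$UserModes = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}
$LuaModes = @{ 0 = 'UAC disabled'; 1 = 'UAC enabled' }

function Get-UacPromptPolicy {
    param([string]$Path = $PolicyKey)
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    # Strict = values matching the tighter options the message mentions:
    # administrators must type credentials, standard-user requests auto-fail.
    $checks = @(
        @{ Name = 'EnableLUA';                  Map = $LuaModes;   Strict = @(1) },
        @{ Name = 'ConsentPromptBehaviorAdmin'; Map = $AdminModes; Strict = @(1, 3) },
        @{ Name = 'ConsentPromptBehaviorUser';  Map = $UserModes;  Strict = @(0) }
    )
    foreach ($c in $checks) {
        $raw = $props.($c.Name)
        if ($null -eq $raw) {
            # Value absent: the OS default applies, which this script cannot see.
            $meaning = 'Not set (OS default applies)'
            $strict  = $false
        } else {
            $value   = [int]$raw
            $meaning = if ($c.Map.ContainsKey($value)) { $c.Map[$value] } else { 'Unrecognized value' }
            $strict  = $c.Strict -contains $value
        }
        [pscustomobject]@{
            Setting        = $c.Name
            Value          = $raw
            Meaning        = $meaning
            StricterOption = $strict
        }
    }
}

Get-UacPromptPolicy | Format-Table -AutoSize
```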