Log in or Sign up

Example of software restriction policy in action

Discussion in 'Image Gallery' started by Lucy, Feb 20, 2009.

Thread Status:: Not open for further replies.

Lucy Registered Member

Joined:

Apr 25, 2006

Posts:

404

Location:

France
Rmus has created a new DLL test to simulate the conficker worm exploit, where a trusted application rundll32 loads a malicious DLL with a spoofed file extension.

He uses a macro in a MSWord document with the rundll32.exe command. It works on WinXP but the MSWord document should open OK in Vista.

Here we go with the test in Vista:
The Word doc opens, but then the dll is forbidden the right to execute
Attached Files:
- srp.jpg
  
  File size:
  
  125.8 KB
  
  Views:
  
  112
Lucy, Feb 20, 2009

#1

Thread Status:: Not open for further replies.

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn More...