They acknowledged they received my report.
Did a test and this doesn't work. Apparently, when you disable this setting, they don't deregister their shell extension, they just don't show it...
You would have to implement EMET on explorer.exe and every application that potentially loads this shell extension. It's easier to add the ASLR...
I don't have a Sandboxie shell extension on my system, but the Sandboxie control process is running with DEP but without ASLR.
The ASLR issue with SpyShelter was one reason for this post, but there are several other shell extensions without ASLR. Just to name a few: 7-zip,...
RootkitRevealer http://technet.microsoft.com/en-us/sysinternals/bb897445
I understand, it's better to use LUAs. But you still have UAC enabled? You could try something else: instead of adding this user to the local...
Not exactly sure what you mean... When you use a non-admin account on Windows 7 to start a program with "Run as administrator", you need to...
Prio is for process priorities, not for integrity levels. My tool is for integrity levels:...
Good point, hadn't thought of that one myself ;-).
SRP and AL don't pick up shellcode in memory and on the network interface. Most AV performs only limited scan of memory (compared to disk scan)...
Since its last release, Foxit Reader supports DEP and ASLR. And in an upcoming release, they will support running with a low integrity level. I've...
If you take the PoC where an EXE is the vector, it will. But test it with the spreadsheet I referred to. Nothing, except the .XLS, will touch the...
Thanks for the warm welcome all! :-) Correct. Yes, but it is not embedded according to the PDF standard, but with my own method. And remember,...
I've also used this in a spreadsheet: http://blog.didierstevens.com/2010/02/08/excel-with-cmd-dll-regedit-dll/ Paul Craig, author of the iKAT...
Don't focus on the scripting aspect, this is just one way to deliver and execute the shellcode. Like I said, I also did this with a PDF document....
I've posted the code some time ago: http://blog.didierstevens.com/programs/shellcode/ -------------- Didier Stevens http://blog.DidierStevens.com
This is not a vulnerability. And I've used it in another context: I made a PDF file that exploits a vulnerability and then launches this...