Buffer Overflow?

Discussion in 'other anti-malware software' started by WilliamP, Apr 22, 2008.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Thanks, HyperFlow, for that link.

    This seems to also require a vulnerable application, and a malicious file to exploit the vulnerability.


    ----
    rich
     
  2. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    I was reading on their (VLC) site that even a file with *what should be subtitles* can be used to deliver the BO, and they were suggesting to turn the auto-detect subs off until the person knew if it was subs or an exploit.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    How would he know if it were an exploit or not?


    ----
    rich
     
  4. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  6. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    That's correct. "A malicious file that is run by the application" doesn't refer to just situations where you open a file in a program's File menu. It also refers to the rendering of a page in a web browser, including content processed by browser addins such as Flash. It also refers to the communication of information to a program that listens for network connections. An example of such a program is a BitTorrent client. These are some different ways that data can be brought into an application.
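    The subtitle-file case from post 2 and "a malicious file that is run by the application" above come down to the same defect: a parser copying untrusted file data into a fixed-size buffer. The following is an added illustration, not code from this thread or from VLC; the cue-line format, the 32-byte field and the function names are assumptions chosen to show the vulnerable form beside its hardened form.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not VLC's code): a toy parser for a cue line of
 * the form "<index> --> <text>", e.g. "1 --> Hello world". The text is
 * stored in a fixed 32-byte field, the usual shape of this bug class. */
#define TEXT_MAX 32

struct cue {
    int  index;
    char text[TEXT_MAX];
};

/* Read the index, find the arrow, skip spaces; NULL if malformed. */
static const char *cue_text(const char *line, struct cue *out)
{
    const char *arrow = strstr(line, "-->");
    if (arrow == NULL || sscanf(line, "%d", &out->index) != 1)
        return NULL;
    const char *text = arrow + 3;
    while (*text == ' ')
        text++;
    return text;
}

/* Vulnerable form: trusts the file to keep the text short. A cue longer
 * than 31 bytes writes past text[] onto whatever the struct sits next to
 * (on the stack: other locals, then the saved return address). */
int parse_cue_unsafe(const char *line, struct cue *out)
{
    const char *text = cue_text(line, out);
    if (text == NULL)
        return -1;
    strcpy(out->text, text);        /* unbounded copy: the overflow */
    return 0;
}

/* Hardened form: measure first and refuse anything that does not fit.
 * Returns 0 on success, -1 if malformed, -2 if the text is too long. */
int parse_cue_safe(const char *line, struct cue *out)
{
    const char *text = cue_text(line, out);
    if (text == NULL)
        return -1;
    size_t len = strlen(text);
    if (len >= TEXT_MAX)            /* keep room for the terminator */
        return -2;
    memcpy(out->text, text, len + 1);
    return 0;
}
```

The unsafe parser is the shape that DEP, stack cookies and the like try to contain after the fact; the safe one never lets the overlong cue reach the buffer, which is the fix the application vendor ships.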
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I think all this talk about buffer overflow is way overrated and the discussions keep mounting up about it. When's the last time anyone really got a webpage buffer overflow? Look at the percentages of them compared to more dangerous exploits on the loose.

    I don't worry about them myself because for one thing they're overrated and another reason is too many security apps make them purely a fantasy to all get worked up over nothing really.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You may wish to look at http://www.f-secure.com/weblog/archives/00001408.html from F-Secure and posted by lucas1985 in another topic. Here is an excerpt:

    "The criminals' new preferred way of spreading malware is via drive-by downloads on the Web. These attacks often still start with an e-mail spam run but the attachment in the e-mail has been replaced by a web link, which takes you to the malicious web site. So instead of getting infected over SMTP, you get infected over HTTP."

    "Infection by a drive-by download can happen automatically just by visiting a website, unless you have a fully patched operating system, browser, and browser plug-ins. Unfortunately, most people have some vulnerabilities in their systems. Infection can also take place when you are fooled into manually clicking on a download and running a program from the web page that contains the malware."

    You can have your browser scanned for some vulnerabilities at http://bcheck.scanit.be/bcheck/. The tests used are listed at http://bcheck.scanit.be/bcheck/listtests.php?action=list. Some of these are buffer overflow exploits, although the test title doesn't necessarily indicate such by using the word 'buffer.' Look at http://bcheck.scanit.be/bcheck/stats.php to see what percentage of browsers were vulnerable - usually between 12% and 20%. Keep in mind that this is the exposure rate for just this set of tests. If tests of all possible browser vulnerabilities were used, the percentages would have been higher. Of course, there is a selection bias in these results - the results are those of people who visited the site, not the population at large.
     
    Last edited: Apr 24, 2008
  10. wat0114

    wat0114 Guest

  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    A Flash object will run automatically, unless the user chooses to disable that option,
    in which case the user decides whether or not to run the Flash:

    [IMG]
    ______________________________________________________________________________

    What other browser addins will run files automatically upon loading a web page?

    thanks,


    ----
    rich
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Any line of code has the potential to be exploited. Whether or not the talk about it is overrated is certainly an individual matter. To wit,

    This is all that matters. Security is a state of mind, and people take this and that security precaution to lessen the worry state.

    Once the worry state is no longer a factor, then one can get on with her/his computing life!

    While one can sympathize with the level of worry states in other people, one's responsibility is first to oneself and then to those who come under your sphere of influence and will listen to your point of view.


    ----
    rich
     
    Last edited: Apr 24, 2008
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Until now, I didn't notice any bug, but I'm sure it will be fixed, because it has been reported at the forum of Comodo.
    If the bug occurs on MY computer, I will certainly contact Comodo myself.

    My boot-to-restore always gives my system back as it was and I wouldn't be surprised if the troubles caused by this bug are gone after a reboot until it occurs again.

    Thanks for mentioning it, I will keep a good eye on it. :)
     
  14. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    OK, I just discovered a big downside to hardware-based DEP: I freaking can't open some legitimate programs! IZArc, for example, does not work with hardware DEP enabled. :thumbd:
     
  15. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You'll have to resort to OptOut and place exceptions for the software that doesn't work with DEP.
    And write to the developer of IZArc asking for a DEP-compatible build.
     
  16. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Make no mistake about it, some programs will not run in AlwaysOn. Some don't even install - I remember Jetico 1.
    7-Zip works fine, note.

    To install Java, if it fails, you have to use an alternative installer found on the website (offline installer).
    http://www.java.com/en/download/manual.jsp

    To me the choice was easy, keep AlwaysOn.
    The alternative is hex editing as the backdoor link mentions, in order to have a properly functioning OptOut.
     
    Last edited: Apr 24, 2008
  17. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    642
    Thanks! I'll keep that in mind if I decide to drop IZArc.

    I'm trialing Comodo Memory Firewall right now. I'm hoping it's as good as they say it is; that way I wouldn't have to worry about hardware DEP (since CMF would automatically block buffer overflows and allow me to add exemptions if a program won't run with DEP enabled).
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  19. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Exactly the one I get. DEP enabled in my BIOS and BOOT.ini with OptOut.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Same here:
    So all this good advice from participating members seems to work. Congratulations.
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I get the same results on my 98SE units :cool:
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My previous successful test was done with Firefox 2.0.0.13.
    I tried it with MSIE6, but MSIE couldn't handle it.
     
  23. HyperFlow

    HyperFlow Registered Member

    Joined:
    Mar 21, 2008
    Posts:
    115
    I have done the test with both IE7 & FF, no problem, A+... Seems like if a person is fully updated and the plug-ins are up to date this test is easily passed. I use Secunia to keep all that in line and it looks like it's doing its job. :) It would be nice to see other people post on different browsers so we all can get a better look at what is passing and what is not.
     
  24. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    Opera 9.27 passed on my system
     
  25. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    There is a very nice breakdown of vulnerabilities by type reported in the CVE database at http://cwe.mitre.org/documents/vuln-trends/index.html#table1. See both Tables 1 and 2. Buffer overflow is listed as 'buf' in the tables. In overall number of vulnerabilities reported in 2006, buffer overflow vulnerabilities ranked 4th at 7.8%. In operating system software in 2006, buffer overflow vulnerabilities ranked 1st at 16.1%. Keep in mind that you're not exposed to some types of vulnerabilities, such as SQL injection, unless you are running a database server. Also, some vulnerabilities can be used together. For example, a cross-site scripting vulnerability can be exploited on a web server to inject JavaScript code into the web server's webpages, and when you browse the infected webpage, the JavaScript could use buffer overflow vulnerabilities in your browser and/or browser addons to try to run malware.
     