Example of software restriction policy in action

Discussion in 'Image Gallery' started by Lucy, Feb 20, 2009.

Thread Status:
Not open for further replies.
  1. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Rmus has created a new DLL test to simulate the conficker worm exploit, where a trusted application rundll32 loads a malicious DLL with a spoofed file extension.

    He uses a macro in a MSWord document with the rundll32.exe command. It works on WinXP but the MSWord document should open OK in Vista.

    Here we go with the test in Vista:
    The Word doc opens, but then the dll is forbidden the right to execute
     

    Attached Files:

    • srp.jpg
      srp.jpg
      File size:
      125.8 KB
      Views:
      111
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.