Example of software restriction policy in action

Discussion in 'Image Gallery' started by Lucy, Feb 20, 2009.

Thread Status:
Not open for further replies.
  1. Lucy

    Lucy Registered Member

    Apr 25, 2006
    Rmus has created a new DLL test to simulate the conficker worm exploit, where a trusted application rundll32 loads a malicious DLL with a spoofed file extension.

    He uses a macro in a MSWord document with the rundll32.exe command. It works on WinXP but the MSWord document should open OK in Vista.

    Here we go with the test in Vista:
    The Word doc opens, but then the dll is forbidden the right to execute

    Attached Files:

    • srp.jpg
      File size:
      125.8 KB
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.