Example of software restriction policy in action

Discussion in 'Image Gallery' started by Lucy, Feb 20, 2009.

Thread Status:
Not open for further replies.
  1. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    Rmus has created a new DLL test to simulate the conficker worm exploit, where a trusted application rundll32 loads a malicious DLL with a spoofed file extension.

    He uses a macro in a MSWord document with the rundll32.exe command. It works on WinXP but the MSWord document should open OK in Vista.

    Here we go with the test in Vista:
    The Word doc opens, but then the dll is forbidden the right to execute
     

    Attached Files:

    • srp.jpg
      srp.jpg
      File size:
      125.8 KB
      Views:
      111
Thread Status:
Not open for further replies.