"Michal Zalewski" <lcamtuf-qtaipnqie1ffq8cq1yk...@public.gmane.org> wrote:
>> the existence of "C:\Program.exe" must not have any bad effect
>> for any random installer not intending to execute this
>
> Sounds like a good goal.

Yes. Not just for any random installer, but for any Windows program.

<http://msdn.microsoft.com/library/cc144175.aspx>
<http://msdn.microsoft.com/library/cc144101.aspx>

| Note: If any element of the command string contains or might contain
| spaces, it must be enclosed in quotation marks.
             ~~~~

[...]

> Now, in practical terms... in absence of a plausible risk / attack
> vector, it doesn't sound like much of a security issue (unless you
> adopt the approach advocated on the predecessor of this list by Mr.
> Lemonias).

The plausible risk / attack vector is the same as used/shown in
<http://cwe.mitre.org/data/definitions/428.html>
<http://www.tenable.com/sc-report-templates/microsoft-windows-unquoted-service-path-enumeration>
<https://isc.sans.edu/diary/Help+eliminate+unquoted+path+vulnerabilities/14464>

JFTR: there is no real difference between vertical and horizontal
privilege escalation.

Stefan

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
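
Added example, not part of the original message: a Python check that flags command strings whose executable path contains spaces but is not quoted, lists the earlier paths that the documented CreateProcess resolution of an unquoted command line tries first (such as C:\Program.exe), and returns the quoted form. The function names, the ".exe"-only heuristic and the sample command strings are assumptions constructed for illustration.

```python
import re

# Assumption: the intended executable ends at the first ".exe" that is
# followed by whitespace or end of string; other extensions and unexpanded
# environment variables (%ProgramFiles%) are not handled here.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def intended_executable(command):
    """Return the intended executable path of an unquoted command, else None."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return None  # path is quoted, so there is no ambiguity
    m = _EXE_END.search(cmd)
    return cmd[:m.end()] if m else None

def ambiguous_candidates(command):
    """Paths tried before the intended executable, in resolution order."""
    exe = intended_executable(command)
    if exe is None or " " not in exe:
        return []
    # At every space the prefix is tried with ".exe" appended.
    return [exe[:i] + ".exe" for i, ch in enumerate(exe)
            if ch == " " and exe[i - 1] != " "]

def quoted_form(command):
    """Return the command with its executable path enclosed in quotes."""
    exe = intended_executable(command)
    if exe is None:
        return command
    cmd = command.strip()
    return '"' + exe + '"' + cmd[len(exe):]

def audit(commands):
    """Return (command, earlier candidates, quoted form) per finding."""
    return [(c, ambiguous_candidates(c), quoted_form(c))
            for c in commands if ambiguous_candidates(c)]

# Constructed sample command strings (not taken from any real system).
SAMPLES = [
    r"C:\Program Files\Example Vendor\agent.exe --service",
    r'"C:\Program Files\Example Vendor\agent.exe" --service',
    r"C:\Windows\System32\svchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for cmd, earlier, fixed in audit(SAMPLES):
        print("UNQUOTED:", cmd)
        for path in earlier:
            print("  tried first:", path)
        print("  quoted form:", fixed)
```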