So all the malware writer has to do now is figure out how to do the initial exploit in the first place, that would then allow them to muck with path statements or place code in path executable areas. I mean, do you get it, yet? If the malware writer figures out how do the initial exploit, anything can be done, not just the path tricks. My WhereWindowsMalwareHides document(http://weblog.infoworld.com/securityadviser/archives/2006/05/up dated_where_w.html)contains over 145 different tricks and locations where malware can hide and live, along with the path trick. Your point is a valid point, but it's been a known issue for years. You can't skip over the hardest part, the initial exploit, and start picking on one of over a hundred ways to muck with Windows users and call "IE 7 a Spyware Writer's Heaven". I mean you can, but it looks like you're grasping at straws. At least tell us something new, and not something that's been documented for years. Roger -----Original Message----- From: Eliah Kagan [mailto:degeneracypressure@xxxxxxxxx] Sent: Friday, November 03, 2006 9:26 PM To: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx Subject: Re: Internet Explorer 7 - Still Spyware Writers' Heaven On 11/2/06, Roger A. Grimes wrote: > So, if you're statement is accurate that malware would need to be > placed in a directory identified by the PATH statement, we can relax > because that would require Administrator access to pull off. Admin > access would be needed to modify the PATH statement appropriately to > include the user's desktop or some other new user writable location or > Admin access would be needed to copy a file into the locations > indicated by the default PATH statement. It would not require *administrator* access--non-administrator users can still add things to their own PATHs, just not to the universal, system PATH. (See Control Panel > System > Advanced > Environment Variables.) -Eliah
