Great overview, Todd!

I just wanted to mention that MS downplayed the vulnerabilities I've found in Vista's Sidebar gadgets. In my blog post (http://aviv.raffon.net/2007/08/16/VistaGadgetsGoneWild.aspx), I've demonstrated a scenario where a worm can be propagated by exploiting the vulnerability in the RSS feeds gadget. I don't understand why Microsoft rated this vulnerability as important, instead of critical.

--Aviv.

-----Original Message-----
From: Todd Manning [mailto:sflist@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, September 13, 2007 8:47 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Next generation malware: Windows Vista's gadget API

On Sep 13, 2007, at 04:16 AM, Tim Brown wrote:

> A paper has just been released on the Windows Vista's gadget API. The
> abstract is as follows:
>
> Windows has had the ability to embed HTML into its user interface for many
> years. Right back to and including Windows NT 4.0, it has been possible to
> embed HTML into the task bar, but the OS has always maintained a sandbox,
> from which the HTML has been unable to escape. All this changes with Windows
> Vista. This paper seeks to inform system administrators, users and the
> wider community on both potential attack vectors using gadgets and the
> mitigations provided by Windows Vista.
>
> The full paper can be found at http://www.portcullis-security.com/165.php.
>

Good paper; since this is out there I figure I'll forward the much shorter article I wrote that details an attack against the contact gadget, which was patched last month.

https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048