It would hardly be worth mentioning otherwise. Cheers, Mitja > -----Original Message----- > From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx > [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf > Of Dan Kaminsky > Sent: Thursday, June 02, 2011 5:36 PM > To: security@xxxxxxxxxxxxxxxxx > Cc: si-cert@xxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx; > bugtraq@xxxxxxxxxxxxxxxxx; cert@xxxxxxxx > Subject: Re: [Full-disclosure] COM Server-Based Binary > Planting Proof OfConcept > > Does this run code without prompting, on a reasonably default > configuration? > > On Thu, Jun 2, 2011 at 7:52 AM, ACROS Security Lists > <lists@xxxxxxxx> wrote: > > > > We published a remote/local proof of concept for the COM > Server-Based > > Binary Planting exploit presented at the Hack in the Box > conference in Amsterdam. > > > > Feel free to try it out online if WebDAV works through your > firewall, > > or download it and test it in your local network or simply > on your computer. > > > > > http://blog.acrossecurity.com/2011/06/com-server-based-binary-planting > > -proof.html > > or > > http://bit.ly/iSxHKO > > > > Best regards, > > > > Mitja Kolsek > > CEO&CTO > > > > ACROS, d.o.o. > > Makedonska ulica 113 > > SI - 2000 Maribor, Slovenia > > tel: +386 2 3000 280 > > fax: +386 2 3000 282 > > web: http://www.acrossecurity.com > > > > ACROS Security: Finding Your Digital Vulnerabilities Before > Others Do > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
