Hello lists, hello Roger. It's me again.
Sorry for the annoyance, but there is one more attack vector with pre-open
files that I meant to mention but forgot. It seems dangerous enough and needs
to be investigated for different applications. The attack is against
applications relying on mandatory locks.
Attack scenario:
What can be in place of Application? Any application that processes a
user-supplied file and locks this file during processing.
Examples are: Microsoft Office applications, video/audio players, etc. I
expect a huge number of applications are vulnerable and will be grateful
to everyone who can help me find this kind of vulnerability
in the wild, because this kind of vulnerability is not trivial and is hard
to catch without source code analysis.
--
http://securityvulns.com/
/\_/\
{ , . } |\
+--oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/