Monday, November 06, 2006

Watch out for JPGs now - update #1

Hi folks,

In my earlier blog post, I said that I thought the XML Core Services 0-day didn't work. Looks like I was wrong. It seems that if you actually have XML Core Services (MSXML 4.0) installed, it works nicely, thank you very much.

On my test system, it installed a new copy of Explorer.exe and a DLL. So far, no AVs recognize the dropped programs, and so far, on my test system, they don't do much. Of course, these days, it's not unusual for malcode to recognize that it is in a virtual environment, and thus refuse to run. I think it's reasonable to assume that any file dropped by any 0-day is not there for your health.

I don't really imagine that squillions of people will have MSXML 4.0 installed, but if you have, you should be careful.

More to follow.



At 5:40 PM, Blogger Alan Golder - Dinnertime Bandit said...

I participated in the Linkscanner beta, and I'm now taking advantage of the 1 year free use of the full version. Excellent product, guys, as was Socket Shield.

