From: Chalmers, Matthew (FUSA) (MatthewChalmersFirstUSA.com)
Date: Tue Dec 11 2001 - 11:04:50 CST


    I agree with Filip, an ActiveX control with an engineered buffer overrun
    vulnerability is a back door. Something the programmer put in to get
    privileged access later.

    A vulnerability is there but the code requires an external catalyst to
    activate, unlike a trojan.

    > > I do not see the difference with a Trojan horse. A Trojan horse looks on the
    > > outside like something useful (or at least something harmless), but
    > > something harmful is on the inside. In this case, it installs a sort of a
    > > backdoor on the victim's computer, doesn't it?
    >
    > Not at all. A Trojan horse has the bad code in the program. The engineered
    > hijack ActiveX program doesn't have "bad" code inside. An exploit would
    > have to be created in addition to the ActiveX program in order to create any
    > kind of malware. The engineered hijack ActiveX program just has the
    > potential to be exploited. Of course, the intention of the programmer is to
    > use the purposely installed vulnerability for an exploit.
    >
    > The only difference between this ActiveX that's been engineered with a
    > buffer overflow and the ActiveX program that has a buffer overflow by
    > accident is the programmer's intentions. The engineered ActiveX program
    > without the exploit isn't harmful. I guess you can argue that the
    > programmer's intentions determine whether an ActiveX program is considered a
    > Trojan horse or a program with a vulnerability.
