Linux News
The world is talking about GNU/Linux and Free/Open Source Software
Poor punctuation leads to Windows shell vulnerability
A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks.
The attack relies on scripts or batch files that use the command-line interface, or "shell," on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
|
|
Full Story |
Subject |
Topic Starter |
Replies |
Views |
Last Post |
a simple explanation |
tuxchick |
2 |
1,512 |
Oct 11, 2014 2:15 PM |
You cannot post until you login.