09 May 2011 | #1
Silently Pwning Protected-Mode IE9 and Innocent Windows Applications
This blog post sets the stage for our Hack In The Box presentation in Amsterdam on May 19.
Those familiar with Windows COM servers know that they come in two types, in-process and out-of-process. For this post, the former type is of interest: an in-process COM server is a dynamic link library (DLL) that a COM client instantiates when needed, usually by calling the CoCreateInstance function with the class identifier (CLSID) of that COM server. What happens then is that the COM server initialization code looks up the provided CLSID in the local registry under the key HKEY_CLASSES_ROOT\CLSID, and finds the path to the DLL under the InProcServer32 subkey. It then expands any environment strings in the obtained DLL path and calls LoadLibrary with the resulting path. Whatever happens afterwards is of no interest to us here.
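As an added example (not code from the blog post or from this forum), the following Python audit mirrors the lookup-and-expand steps described in the post and labels the string that would reach LoadLibrary. The CLSIDs, paths and environment are constructed, and the helper names `expand_env`, `classify` and `audit` are hypothetical. It goes one step beyond the post by flagging values that are not fully qualified, since LoadLibrary resolves those through the DLL search order.

```python
import ntpath
import re

# Constructed registrations: (CLSID, InProcServer32 default value). All made up.
SAMPLE_ENTRIES = [
    ("{11111111-1111-1111-1111-111111111111}", r"C:\Windows\System32\example1.dll"),
    ("{22222222-2222-2222-2222-222222222222}", r"%SystemRoot%\System32\example2.dll"),
    ("{33333333-3333-3333-3333-333333333333}", r"example3.dll"),
    ("{44444444-4444-4444-4444-444444444444}", r"%ExampleUnset%\example4.dll"),
]
# Constructed environment of the COM client process.
SAMPLE_ENV = {"SystemRoot": r"C:\Windows"}

_VAR = re.compile(r"%([^%]+)%")

def expand_env(value, env):
    """Expand %NAME% the way Windows does: names are case-insensitive and
    an undefined variable is left in place unchanged."""
    lookup = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), value)

def classify(path):
    """Label the string that would be handed to LoadLibrary."""
    if _VAR.search(path):
        return "unexpanded-variable"
    drive, rest = ntpath.splitdrive(path)
    if drive and rest.startswith(("\\", "/")):
        return "absolute"
    # Not fully qualified: LoadLibrary falls back to the DLL search order.
    return "relative"

def audit(entries, env):
    """Return (clsid, resolved_path, label) for every registration."""
    out = []
    for clsid, raw in entries:
        resolved = expand_env(raw.strip().strip('"'), env)
        out.append((clsid, resolved, classify(resolved)))
    return out

if __name__ == "__main__":
    for clsid, resolved, label in audit(SAMPLE_ENTRIES, SAMPLE_ENV):
        print(f"{label:20} {clsid} {resolved}")
```

On a real system the entries would come from the InProcServer32 subkeys under HKEY_CLASSES_ROOT\CLSID, and the environment from the process that instantiates the COM server.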