Vista, preventing IE7 shellcode exploits

lunarlander
Senior Member with 1,329 posts.
 
Join Date: Sep 2007
17-Jan-2009, 10:06 PM #1
In Vista, there is a feature called Protected Mode, which is an 'integrity' label attached to a directory or file. IE7 has an integrity label of LOW, which prevents it or any subprocess of it from writing to any file and directory of Medium integrity. Most files of Vista are medium integrity. And any file not explicitly labeled is also of medium integrity.

Integrity label settings can actually prevent READ, WRITE and EXECUTION, although Vista only employs the forbid-to-write feature.

Shellcode, to the best of my knowledge, needs access to CMD.EXE. Its integrity label can be modified to Medium -- No Read, No Write, No Execute with the method below.

Create a file called blockaccess_x86.inf with these lines:

-----------------------------
Code:
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[File Security]
"%windir%\system32\cmd.exe",2,"S:(ML;;NWNRNX;;;ME)"
----------------------------

Then right click CMD and 'Run as Administrator' and execute this command:

----------------------------
Code:
SecEdit /configure /db BlockAccess.sdb /cfg blockaccess_x86.inf
----------------------------

After this modification, no low integrity application can read, write or execute CMD.exe.
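
As an added example that is not part of the original post: a small Python decoder for the `[File Security]` line in the template above, showing what the mandatory label `S:(ML;;NWNRNX;;;ME)` denies to a caller at a given integrity level. The function names are made up for this example, and it models only the integrity check (the file's normal DACL is still evaluated separately by Windows).

```python
import csv
import re

# SDDL policy tokens of a mandatory label ACE and the access each one
# denies to callers running BELOW the object's integrity level.
POLICY = {"NW": "write", "NR": "read", "NX": "execute"}
# SDDL aliases of the integrity-level SIDs, mapped to their RID (S-1-16-<rid>).
LEVELS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}
# ACE layout: type;flags;rights;object_guid;inherit_guid;sid
ACE_RE = re.compile(r"^S:\(ML;([^;]*);([A-Z]*);;;([A-Z]{2})\)$")

# The [File Security] entry exactly as given in the post.
INF_LINE = r'"%windir%\system32\cmd.exe",2,"S:(ML;;NWNRNX;;;ME)"'


def file_security_entry(line):
    """Split one [File Security] line into (path, mode, sddl)."""
    fields = next(csv.reader([line]))
    if len(fields) != 3:
        raise ValueError("expected path,mode,sddl: %r" % line)
    return fields[0], int(fields[1]), fields[2]


def parse_label(sddl):
    """Decode a single-ACE mandatory label SACL string."""
    m = ACE_RE.match(sddl.strip())
    if not m:
        raise ValueError("not a single mandatory label ACE: %r" % sddl)
    _flags, rights, level = m.groups()
    tokens = [rights[i:i + 2] for i in range(0, len(rights), 2)]
    unknown = [t for t in tokens if t not in POLICY]
    if unknown or level not in LEVELS:
        raise ValueError("unknown policy or level in %r" % sddl)
    return {"level": level, "denied_from_below": {POLICY[t] for t in tokens}}


def blocked_by_label(sddl, caller_level, access):
    """True if the integrity check alone denies `access` to the caller."""
    label = parse_label(sddl)
    below = LEVELS[caller_level] < LEVELS[label["level"]]
    return below and access in label["denied_from_below"]


if __name__ == "__main__":
    path, mode, sddl = file_security_entry(INF_LINE)
    for level in ("LW", "ME"):
        for access in ("read", "write", "execute"):
            verdict = "denied" if blocked_by_label(sddl, level, access) else "not denied"
            print(path, level, access, verdict)
```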
All times are GMT -5.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.