LNK vulnerability POC re-test


Post by ssj100 on 24/7/2010, 03:58

Original thread here:

I'm going to be posting results of updated security software against this POC vulnerability. In all cases that I am aware of so far, there has been specific re-programming for each software to combat this vulnerability. In other words, the software was unable to block it on day zero (in default configuration).

1. Blue Point Security 2010
This time, Blue Point Security successfully blocks the exploit on both accounts:

2. DefenseWall 3.05:
This time, DefenseWall (appears to) successfully block the exploit on both accounts. However, I can't seem to find any evidence of what exactly is blocked when I go through DefenseWall's Events Log (which is a little strange). It also seems like DefenseWall doesn't actually block Test B in the same way other programs do - instead, DefenseWall appears to somehow prevent this specific LNK file from being able to run in the first place (or from being at all functional) - it doesn't appear to block the DLL file loading/running (in fact, I don't think the DLL file even gets a chance to load). I may do some testing later with Malware Defender to see what exactly DefenseWall is doing (of course, this might be fruitless, as Ilya may have implemented a kernel level change/block that Malware Defender will miss).

Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)


Re: LNK vulnerability POC re-test

Post by Ruhe on 27/7/2010, 17:22

Summary of applications that were able to block it (A + B) already on day zero:

- Faronics Anti-Executable 2
- Sandboxie 3.46 (contained)
- GeSWall 2.9 Professional
- Returnil System Safe 2011 RC
