Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:
Greenbelt, MD 08/22

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

25. Re: This goes way beyond being a browser exploit. Oct 17, 2012, 17:58 hb3d
 
hb3d wrote on Oct 17, 2012, 17:07:
That Uplay exploit effected everyone too, and everyone that had the game plugin installed, not just IE.
I went back and read the Uplay researcher's original post again and I see that the plug-in didn't use ActiveX. The title of the post was "Re: AxMan ActiveX fuzzing" but that was a misleading title since it was actually a thread about a different exploit and the researcher just mentioned his new find in that same thread.

You still need to be able to have knowledge of what's where, to be able to execute this exploit.
No, you don't because Windows environment variables will tell you that. Plus most users use default installation locations for Windows and Steam.

And before that you need to be able to have access to something to be able to create the batch file,
Well as stated in the article the Source engine will do that for the attacker if a Source engine game is installed. But, hardly anyone plays Source engine games, right?

This comment was edited on Oct 17, 2012, 18:10.
 
 
Subject
  
Optional
Message
 
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.
 




footer

Blue's News logo