Poor punctuation leads to Windows shell vulnerability

  • 10 October 2014

An attack on Windows scripts shows that quotation marks aren't just for writers.

by Robert Lemos - Oct 10 2014
 
A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks.
The attack relies on scripts or batch files that use the command-line interface, or "shell," on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
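A defensive check for the coding error described above, as an added example that is not part of the original article: a Python scan of a batch script for variable expansions that sit outside double quotes. The regular expressions, the function name `unquoted_expansions` and the sample script are constructed for illustration, and the quote tracking is a per-line heuristic.

```python
import re

# Expansions cmd.exe substitutes before it parses the line:
# %%i / %%~fi loop variables, %NAME% variables, %1 / %~dp0 / %* arguments.
# The lookahead skips the loop-variable declaration in "for %%i in (...)".
EXPANSION = re.compile(
    r"%%~?[A-Za-z]+(?!\s+in\s*\()"
    r"|%[A-Za-z_]\w*%"
    r"|%(?:~[A-Za-z]*)?[0-9*]",
    re.IGNORECASE,
)
COMMENT = re.compile(r"^\s*@?\s*(?:rem\b|::)", re.IGNORECASE)


def unquoted_expansions(script_text):
    """Return (line_number, expansion, line) for each expansion that sits
    outside double quotes in a batch script. Heuristic: quote state is
    tracked per line by counting '"' characters before the match."""
    findings = []
    for number, line in enumerate(script_text.splitlines(), start=1):
        if COMMENT.match(line):
            continue
        for match in EXPANSION.finditer(line):
            inside_quotes = line.count('"', 0, match.start()) % 2 == 1
            if not inside_quotes:
                findings.append((number, match.group(0), line.strip()))
    return findings


# Constructed sample script (not from the article): lines 3 and 5 use the
# directory name unquoted, lines 4 and 6 are the quoted equivalents.
SAMPLE = r'''@echo off
rem backup helper, sees %CD% in a comment only
for /d %%i in (C:\shares\*) do dir %%i
for /d %%i in (C:\shares\*) do dir "%%i"
echo Working in %CD%
echo "Working in %CD%"
if "%~1"=="" exit /b 1
'''

if __name__ == "__main__":
    for number, expansion, line in unquoted_expansions(SAMPLE):
        print(f"line {number}: unquoted {expansion}: {line}")
```

Delayed expansion (`!VAR!`) and quotes that span `^` line continuations are outside what this heuristic covers.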
 