Author Topic: .manifest DoS?  (Read 5056 times)

0 Members and 2 Guests are viewing this topic.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
.manifest DoS?
« on: October 18, 2006, 12:09:37 am »
http://www.securityfocus.com/bid/3942/discuss

If I am not wrong, that seems really simple to exploit, and fairly annoying.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: .manifest DoS?
« Reply #1 on: October 18, 2006, 10:08:30 am »
Of course, if you're in a position to create or edit explorer.exe.manifest, it's already game over.  It'll take a little more social engineering for that to be anything even remotely useful. 

Who doesn't love barely-documented features like .exe.manifest, anyways? :)

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: .manifest DoS?
« Reply #3 on: October 18, 2006, 04:55:21 pm »
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sbscs/setup/application_manifests.asp
Looks documented to me.
Barely-documented! I've never heard of it before, and I'd bet that the vast majority of people haven't.  That's the kind of thing that's dangerous.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: .manifest DoS?
« Reply #4 on: October 18, 2006, 05:06:24 pm »
It's not like it's a big part of the OS or anything it just exports some stuff to enable XP visual style on Applications which dont explicitly call it. I've never liked it, it always felt like an ugly hack.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: .manifest DoS?
« Reply #5 on: October 18, 2006, 05:20:34 pm »
Barely-documented! I've never heard of it before, and I'd bet that the vast majority of people haven't.  That's the kind of thing that's dangerous.

(On a sidenote: I don't pretend to be a Windows expert -- I'm not.  I haven't touched Windows for more than a couple minutes in probably 2 years)
Now that we've had that refresher, I'll correct you.  The application manifest has been an important part of Windows application development since Windows XP came shipped with version 6 of the common controls (comctl32.dll) and side-by-side versioning.  The side-by-side versioning support in Windows XP allows developers to sidestep "DLL Hell" and install multiple versions of assembly modules (.NET and native) on the same machine.  Including an application manifest is one of two ways (the other being programmatic) to enable Windows XP Visual Styles to be used on an application and to specify specific versions of assemblies to be imported.

The vast majority of people don't have to hear of it because it's a developer's tool.

It has been part of the Platform SDK documentation since 2002.  I'm sorry you've never heard of it.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: .manifest DoS?
« Reply #6 on: October 18, 2006, 07:08:25 pm »
Barely-documented! I've never heard of it before, and I'd bet that the vast majority of people haven't.  That's the kind of thing that's dangerous.

(On a sidenote: I don't pretend to be a Windows expert -- I'm not.  I haven't touched Windows for more than a couple minutes in probably 2 years)

Anything that can affect an ordinary Windows user without them knowing what's going on can be dangerous. 

It's just like what Warrior said -- it seems like an ugly hack.  It can affect people in unexpected ways.  That's bad.  People should always have some idea, even if it's a vague one, what something is going to do.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: .manifest DoS?
« Reply #7 on: October 18, 2006, 07:56:26 pm »
:S thats my opinion I don't need Myndfyre bot going off on me ;) <3
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: .manifest DoS?
« Reply #8 on: October 18, 2006, 10:51:38 pm »
:S thats my opinion I don't need Myndfyre bot going off on me ;) <3
.....

If you look at my post, both quotes are from iago.  I didn't refer to you in any way nor comment on your "dirty hack" assessment.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Warrior

  • supreme mac daddy of trolls
  • Hero Member
  • *****
  • Posts: 7503
  • One for a Dime two for a Quarter!
    • View Profile
Re: .manifest DoS?
« Reply #9 on: October 19, 2006, 07:23:15 am »
:S thats my opinion I don't need Myndfyre bot going off on me ;) <3
.....

If you look at my post, both quotes are from iago.  I didn't refer to you in any way nor comment on your "dirty hack" assessment.

I was merely predicting the future it was a joke
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling