http://www.securityfocus.com/bid/3942/discuss
If I am not wrong, that seems really simple to exploit, and fairly annoying.
Of course, if you're in a position to create or edit explorer.exe.manifest, it's already game over. It'll take a little more social engineering for that to be anything even remotely useful.
Who doesn't love barely-documented features like .exe.manifest, anyways? :)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sbscs/setup/application_manifests.asp
Looks documented to me.
Quote from: Warriorx86] link=topic=7628.msg95199#msg95199 date=1161204385]
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sbscs/setup/application_manifests.asp
Looks documented to me.
Barely-documented! I've never heard of it before, and I'd bet that the vast majority of people haven't. That's the kind of thing that's dangerous.
It's not like it's a big part of the OS or anything it just exports some stuff to enable XP visual style on Applications which dont explicitly call it. I've never liked it, it always felt like an ugly hack.
Quote from: iago on October 18, 2006, 04:55:21 PM
Barely-documented! I've never heard of it before, and I'd bet that the vast majority of people haven't. That's the kind of thing that's dangerous.
Quote from: iago on October 17, 2006, 09:39:12 PM
(On a sidenote: I don't pretend to be a Windows expert -- I'm not. I haven't touched Windows for more than a couple minutes in probably 2 years)
Now that we've had that refresher, I'll correct you. The application manifest has been an important part of Windows application development since Windows XP came shipped with version 6 of the common controls (comctl32.dll) and side-by-side versioning. The side-by-side versioning support in Windows XP allows developers to sidestep "DLL Hell" and install multiple versions of assembly modules (.NET and native) on the same machine. Including an application manifest is one of two ways (the other being programmatic) to enable Windows XP Visual Styles to be used on an application and to specify specific versions of assemblies to be imported.
The vast majority of people don't have to hear of it because it's a developer's tool.
It has been part of the Platform SDK documentation since 2002. I'm sorry you've never heard of it.
Quote from: MyndFyrex86] link=topic=7628.msg95211#msg95211 date=1161206434]
Quote from: iago on October 18, 2006, 04:55:21 PM
Barely-documented! I've never heard of it before, and I'd bet that the vast majority of people haven't. That's the kind of thing that's dangerous.
Quote from: iago on October 17, 2006, 09:39:12 PM
(On a sidenote: I don't pretend to be a Windows expert -- I'm not. I haven't touched Windows for more than a couple minutes in probably 2 years)
Anything that can affect an ordinary Windows user without them knowing what's going on can be dangerous.
It's just like what Warrior said -- it seems like an ugly hack. It can affect people in unexpected ways. That's bad. People should always have some idea, even if it's a vague one, what something is going to do.
:S thats my opinion I don't need Myndfyre bot going off on me ;) <3
Quote from: Warriorx86] link=topic=7628.msg95244#msg95244 date=1161215786]
:S thats my opinion I don't need Myndfyre bot going off on me ;) <3
.....
If you look at my post,
both quotes are from iago. I didn't refer to you in any way nor comment on your "dirty hack" assessment.
Quote from: MyndFyrex86] link=topic=7628.msg95273#msg95273 date=1161226298]
Quote from: Warriorx86] link=topic=7628.msg95244#msg95244 date=1161215786]
:S thats my opinion I don't need Myndfyre bot going off on me ;) <3
.....
If you look at my post, both quotes are from iago. I didn't refer to you in any way nor comment on your "dirty hack" assessment.
I was merely predicting the future it was a joke