Poor punctuation leads to Windows shell vulnerability

Posted by BernardSwiss on Oct 11, 2014 10:24 AM EDT
Ars Technica; By Robert Lemos
Mail this story
Print this story

A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks.

The attack relies on scripts or batch files that use the command-line interface, or "shell," on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.

Full Story

  Nav
» Read more about: Story Type: News Story, Security; Groups: Microsoft

« Return to the newswire homepage

Subject Topic Starter Replies Views Last Post
a simple explanation tuxchick 2 1,510 Oct 11, 2014 2:15 PM

You cannot post until you login.