These dangerous files (in general, any file can pose a treat) exploit a bug in a certain program or driver, usually via a buffer overflow. If your program uses that driver/helper/whatever, it can possibly lead to the virus being downloaded by proxy, even if your program is bug-free.
With the media files, they generally attack (or exploit) the codec that runs them. Because of this, the exploit code will run with the same permissions as the user running your application - if the user is running your app as admin (or is just running as admin on non UAC systems) then the exploit has full rights.
The rule is: never trust the input. If you run/execute external files (even via a linked library or embedded third party control) then you should avoid requiring that your app run as admin.
发布评论
评论(2)
这些危险文件(一般来说,任何文件都可以带来好处)通常通过缓冲区溢出来利用特定程序或驱动程序中的错误。如果您的程序使用该驱动程序/帮助程序/其他内容,即使您的程序没有错误,也可能会导致通过代理下载病毒。
These dangerous files (in general, any file can pose a treat) exploit a bug in a certain program or driver, usually via a buffer overflow. If your program uses that driver/helper/whatever, it can possibly lead to the virus being downloaded by proxy, even if your program is bug-free.
对于媒体文件,它们通常会攻击(或利用)运行它们的编解码器。因此,漏洞利用代码将以与运行应用程序的用户相同的权限运行 - 如果用户以管理员身份运行您的应用程序(或者只是在非 UAC 系统上以管理员身份运行),则漏洞利用程序拥有完全权限。
规则是:永远不要相信输入。如果您运行/执行外部文件(即使通过链接库或嵌入式第三方控件),那么您应该避免要求您的应用程序以管理员身份运行。
With the media files, they generally attack (or exploit) the codec that runs them. Because of this, the exploit code will run with the same permissions as the user running your application - if the user is running your app as admin (or is just running as admin on non UAC systems) then the exploit has full rights.
The rule is: never trust the input. If you run/execute external files (even via a linked library or embedded third party control) then you should avoid requiring that your app run as admin.