Download Protection: RDP files are not checked on Windows
Reported by resea...@nightwatchcybersecurity.com, Apr 5 2016
Issue description

VERSION
Chrome Version: 49.0.2623.110 (Official Build) m (32-bit)
Operating System: Windows 2012 R2; version 6.3.9600

REPRODUCTION CASE
RDP files can be malicious: https://technet.microsoft.com/library/security/ms15-082
Example file: https://github.com/hjgode/rdmInject/blob/master/RDMinjectDLL/default.rdp
Apr 6 2016
Apr 15 2016
The RDP file doesn't carry a payload. MS15-082 calls this out as "[allows RCE] if an attacker first places a specially crafted dynamic link library (DLL) file in the target user’s current working directory and then convinces the user to open a Remote Desktop Protocol (RDP) file." The payload is carried in the DLL file, which SafeBrowsing already considers to be supported and dangerous.
Apr 15 2016
Re #3, asanka@: yes, thanks for pointing that out. This makes this attack ineffective.

research@nightwatchcybersecurity.com: Thanks for reporting the issue. I'm marking the issue as WontFix for the reasons stated in #3 and #4. Please feel free to add more information to the issue if there's a way to use malicious RDP files without placing another binary on the user's machine first.
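The precondition quoted above from MS15-082 (a DLL sitting in the directory an RDP file is opened from) can be checked for on disk. The following is an added example, not part of the original issue or of Chromium's code: it lists directories that hold both a .rdp and a .dll file. The function names and the sample tree are assumptions made up for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_rdp_with_dll(root):
    """Return {directory: (rdp_names, dll_names)} for every directory under
    root that holds at least one .rdp file and at least one .dll file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        rdp = sorted(f for f in files if f.lower().endswith(".rdp"))
        dll = sorted(f for f in files if f.lower().endswith(".dll"))
        if rdp and dll:
            hits[dirpath] = (rdp, dll)
    return hits


def build_sample_tree(base):
    """Constructed sample layout; file names and contents are made up."""
    base = Path(base)
    # An RDP file on its own: not reported.
    (base / "clean").mkdir()
    (base / "clean" / "office.rdp").write_text("full address:s:host.example\n")
    # An RDP file with a DLL beside it: reported.
    (base / "bundle").mkdir()
    (base / "bundle" / "Server.RDP").write_text("full address:s:host.example\n")
    (base / "bundle" / "helper.dll").write_bytes(b"MZ placeholder")
    # A DLL with no RDP file beside it: not reported.
    (base / "libs").mkdir()
    (base / "libs" / "other.dll").write_bytes(b"MZ placeholder")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = find_rdp_with_dll(build_sample_tree(tmp))
        for directory, (rdp, dll) in found.items():
            print(f"{directory}: RDP {rdp} next to DLL {dll}")
```

A hit only means the two file types share a directory; whether the DLL is one the Remote Desktop client would load is not something this check can tell.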
Mar 9 2017
Mar 10 2017
For all Download Protection VRP bugs: removing label Restrict-View-Google and adding Restrict-View-SecurityTeam instead.
Mar 11 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by nparker@chromium.org, Apr 6 2016