Thread: Local root exploit in Calibre
View Single Post
Old 11-04-2011, 12:59 PM   #19
splat
Zealot
splat has a complete set of Star Wars action figures.splat has a complete set of Star Wars action figures.splat has a complete set of Star Wars action figures.splat has a complete set of Star Wars action figures.
 
Posts: 106
Karma: 348
Join Date: Dec 2006
Quote:
Originally Posted by frostschutz View Post
You imply physical access and local problem, but all it takes for an attacker is to offer a Calibre plugin for download really. If Calibre provides both the local root exploit and the trust needed to get users to execute their code, that's a very serious issue.
Pretty much this, it's how a vast majority of the Windows bugs are exploited. It might be a local exploit but there are many ways for a remote attacker to leverage it to gain access.
splat is offline   Reply With Quote