Send e-mail to ACROS SecurityACROS Security's public PGP key  

Binary Planting - The Official Web Site

IMPORTANT: This project has fulfilled its life mission by drawing attention to a class of remotely exploitable vulnerabilities that was previously not well known - especially among developers, where it really counts. Hundreds of widely used products by leading software vendors have been fixed and are now less likely to become vulnerable again, and Microsoft has implemented changes in the behavior of Windows applications that, if employed, make attacks more difficult. We don't expect any significant developments to occur in this area any more and have thus closed the public section of this research. The web site will remain live to keep links from other sites working and because information provided here remains useful for those looking for vulnerabilities as well as those trying to avoid creating them.

Click to see if you're exposed to remote Binary Planting attacks

This is the official web site for the extensive Binary Planting research project conducted by ACROS Security. The research was focused on various types of vulnerabilities where an attacker with low privileges can place (i.e., "plant") a malicious executable file (i.e., "binary") to some possibly remote location and get it launched by some vulnerable application running on user's computer.

Our research found that binary planting vulnerabilities are affecting a large percentage of Windows applications and often allowing for trivial exploitation. We identified ~520 remotely exploitable bugs in ~200 widely-used Windows applications.

Many of the publicized binary planting vulnerabilities originate from Windows loading libraries and executables from the current working directory (see here, here and here). For a successful attack using such vulnerabilities, the attacker must make sure that the vulnerable application has its current working directory set to a location under her control before it tries to load a binary (e.g., DLL or EXE) in an insecure way. One of the easiest ways to achieve this is to get the targeted user to open a remote network share under attacker's control, and convince him to open a data file (e.g., a music file, document, contact file, or a presentation) from there.

Learn more:

Online Binary Planting Exposure Test
Test your computer and your network for exposure to Internet-based binary planting attacks

Binary Planting Attack Vectors
Many ways in which an attacker can entice a user to visit her malicious shared folder

Guidelines for Developers
How developers can eliminate binary planting vulnerabilities from their products

Guidelines for Administrators
How administrators can limit or prevent exploitation of binary planting bugs in their networks and on their computers

Follow AcrosSecurity on Twitter get immediate updates as we reveal our research.