Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

On Wed, 8 Sep 2010, jf wrote:

I still don't see how this is really MSFTs fault. I mean, there's
defined APIs for getting the version, theres a fairly clear warning on
MSDN for LoadLibrary & SearchPath; isn't this akin to blaming the OS
vendor for the app vendor improperly using strcpy?

Providing a very dangerous API to developers and advising them to avoid
the most straightforward way of using it is like giving a hand grenade to
kids and advising them to be very careful when they play with it.

Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -