Re: White paper: Exploiting the Win32 API.
From: Adam Megacz (adam@xwt.org)Date: 08/07/02
- Previous message: Alex Loots: "Re: IE SSL Vulnerability"
- Maybe in reply to: Chris Paget: "White paper: Exploiting the Win32 API."
- Next in thread: John Howie: "RE: White paper: Exploiting the Win32 API."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: bugtraq@securityfocus.com From: Adam Megacz <adam@xwt.org> Date: 07 Aug 2002 11:10:09 -0700
Roland Kaufmann <roland@ii.uib.no> writes:
> > 3) Microsoft cannot fix these vulnerabilities.
> (b) WM_TIMER messages are posted to the message queue and can be
> filtered by the application, as stated in the documentation for
> this message. The application can have a list over timers and check
> this for validity. (Moral of the story: Don't trust window message
> parameters any more than user input).
I believe this was his point -- Microsoft cannot fix this; we have to
rewrite every single Win32 application and arrange for it to maintain
this list.
This vulnerability strikes me as very similar to gets() -- the OS (or
C library) has provided a primitive which makes it seductively easy to
write insecure code.
- a
-- Sick of HTML user interfaces? www.xwt.orgAmendment XXVIII: "thou shalt maximize thy stock price at all costs"
- Previous message: Alex Loots: "Re: IE SSL Vulnerability"
- Maybe in reply to: Chris Paget: "White paper: Exploiting the Win32 API."
- Next in thread: John Howie: "RE: White paper: Exploiting the Win32 API."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
