RE: VisualBasic auditing

From: Rob Shein (shoten@starpower.net)
Date: 02/18/03

  • Next message: Cesar: "Re: VisualBasic auditing" 
    From: "Rob Shein" <shoten@starpower.net>
To: "'Some d00d'" <shavidi@yahoo.com>, <vuln-dev@securityfocus.com>
Date: Tue, 18 Feb 2003 14:31:14 -0500

    Don't be so sure that buffer overflows won't work; a lot of VB applications
    rely on DLLs and other such goodies that are written in C++. I've seen many
    cases where they had a VB coder do most of the app (because they are cheaper
    to pay), only to farm out specific sections to a C++ coder because the
    functionality in VB wasn't there. In many ways, if you have the VB source
    code, it should be easy to check for buffer overflows in and external
    components because you'll have the layout of the data that gets passed back
    and forth laid out for you in the code.

    > -----Original Message-----
    > From: Some d00d [mailto:shavidi@yahoo.com]
    > Sent: Sunday, February 16, 2003 2:13 PM
    > To: vuln-dev@securityfocus.com
    > Subject: VisualBasic auditing
    >
    >
    >
    >
    >
    >
    > Hi folks
    >
    >
    >
    >
    > I am auditing some network application and a
    > significant number of them are written in MS Visual
    > Basic. Have anyone done some work on exploiting VB
    > software before? I assume that traditional methods such
    > as buffer overflows will not work here.
    >
    >
    >
    >
    > Are there any tools around for this (such as VB
    > disassemblers and de-scramblers)?
    >
    >
    > Can you point me to any sources of information?
    >
    >
    >
    >
    > Thanks in advance, SD
    >