RE: Code Group Question

From: Ivan Medvedev [MS] (ivanmed_at_online.microsoft.com)
Date: 07/10/03


Date: Wed, 09 Jul 2003 22:12:20 GMT


Scot -
The managed IE control scenario is special in the way the security checks are
done. When the security checks walk the stack, at the very top of it they
see a special AppDomain frame, whose security is based on the HTML page's
evidence (URL, zone, etc.) rather than your control's evidence. To fix the
problem, what you probably need to do is find the methods that are called
directly from the web page script and Assert() an appropriate permission in
those methods.
Hope this helps.
--Ivan
This posting is provided "AS IS" with no warranties, and confers no rights.
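
The pattern described in the reply above, as an added example that is not part of the original posting: a script-facing method asserts one narrowly scoped permission so the stack walk stops before it reaches the page's AppDomain frame. The control name, method name, directory and choice of FileIOPermission are assumptions for illustration; the sketch also assumes policy grants the control's assembly that permission plus SecurityPermissionFlag.Assertion.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Hypothetical control hosted in an HTML page; all names here are illustrative.
public class ReportViewerControl : UserControl
{
    // Assumed fixed directory that the control is allowed to read from.
    private const string DataDirectory = @"C:\ReportData\";

    // Entry point called directly from the web page script.
    public string LoadReport(string reportName)
    {
        // After Assert() the page's evidence is no longer checked, so the
        // control must validate whatever the script passes in. Accept a bare
        // file name only: no separators, no drive letters, not "." or "..".
        if (reportName == null ||
            reportName.Trim('.', ' ').Length == 0 ||
            reportName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
        {
            throw new ArgumentException("Invalid report name.", "reportName");
        }

        // Assert the narrowest permission that covers the work: read access
        // to one directory rather than unrestricted file I/O.
        FileIOPermission readData =
            new FileIOPermission(FileIOPermissionAccess.Read, DataDirectory);
        readData.Assert();
        try
        {
            string path = Path.Combine(DataDirectory, reportName);
            using (StreamReader reader = new StreamReader(path))
            {
                return reader.ReadToEnd();
            }
        }
        finally
        {
            // Remove the assertion from this frame as soon as the
            // privileged operation is finished.
            CodeAccessPermission.RevertAssert();
        }
    }
}
```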


