Date: Wed, 25 Mar 1998 16:11:17 +0000
From: Paul Ashton <paulat_private>
To: NTBUGTRAQat_private
Subject: NTCrash2

From: http://www.ntinternals.com/ntdll.htm by Mark Russinovich.

> A little over a year ago I wrote a program called NTCrash that barraged
> the Native API interface with garbage parameters. The program discovered
> 13 WIN32K system services that failed to perform comprehensive parameter
> validation, the result of which were Blue Screens. Microsoft closed these
> holes in Service Pack 1.
>
> About two months ago I revisited NTCrash and tweaked it to be more intelligent
> about generating garbage - the garbage this new version, NTCrash2, produces
> hits boundary conditions that can be easy to miss in validation. In fact,
> this revision found 40 more APIs with Blue Screen holes. Microsoft has been
> made aware of the holes and they will be closed in Service Pack 4.

40?! I wonder how many of these could be turned into exploits?

Paul

--
"Il software e' come il sesso; e' meglio quando e' gratis - LT"
("Software is like sex; it's better when it's free")
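The quoted text describes NTCrash2's approach of feeding system services boundary-condition values rather than random garbage, because those are the values a parameter validator is most likely to mishandle. The following is an added illustration of that idea and is not code from the post, from NTCrash2 or from Windows: it models a hypothetical user-buffer range check that does `ptr + len` in 32-bit arithmetic (so a large `len` wraps the sum back into user space), drives a small constructed set of boundary values through it, and counts the (ptr, len) pairs that the check accepts even though the range reaches kernel memory. The address split `MM_HIGHEST_USER_ADDRESS = 0x7FFEFFFF`, the `probe_naive`/`probe_safe` routines and the boundary list are all assumptions for the example; the buggy check is a generic pattern, not any of the 40 services mentioned above.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 32-bit address split used by this illustration: everything at
 * or below MM_HIGHEST_USER_ADDRESS is user mode, everything above is kernel.
 * Assumed value for the example, not taken from the original post. */
#define MM_HIGHEST_USER_ADDRESS 0x7FFEFFFFu

typedef bool (*probe_fn)(uint32_t ptr, uint32_t len);

/* Naive user-buffer check of the kind a kernel service might write: the sum
 * ptr + len is computed in 32 bits, so a huge len wraps it back below the
 * limit and a range that reaches into kernel memory is accepted.
 * Hypothetical bug for illustration only. */
static bool probe_naive(uint32_t ptr, uint32_t len)
{
    return ptr + len <= MM_HIGHEST_USER_ADDRESS;
}

/* Overflow-safe version: reject a start address already in kernel space, and
 * compare len against the room that remains instead of adding it to ptr. */
static bool probe_safe(uint32_t ptr, uint32_t len)
{
    if (ptr > MM_HIGHEST_USER_ADDRESS)
        return false;
    return len <= MM_HIGHEST_USER_ADDRESS - ptr;
}

/* Ground truth evaluated in 64 bits: does [ptr, ptr + len] stay in user space? */
static bool range_is_user(uint32_t ptr, uint32_t len)
{
    return (uint64_t)ptr + (uint64_t)len <= MM_HIGHEST_USER_ADDRESS;
}

/* Boundary "garbage": not random bytes but values sitting on the edges a
 * validator is likely to get wrong. Constructed list for this example. */
static const uint32_t boundary_values[] = {
    0x00000000u, 0x00000001u, 0x00000FFFu, 0x00001000u,   /* zero, one, page edge */
    0x7FFEFFFFu, 0x7FFF0000u, 0x7FFFFFFFu, 0x80000000u,   /* user/kernel split */
    0xFFFFF000u, 0xFFFFFFFEu, 0xFFFFFFFFu,                /* top of address space */
};
#define NUM_BOUNDARY (sizeof boundary_values / sizeof boundary_values[0])

/* Run every (ptr, len) pair from the boundary set through a probe routine and
 * count the cases it accepts that actually reach kernel memory. With verbose
 * set, each finding is printed so the loop doubles as a report. */
static int count_bypasses(probe_fn probe, bool verbose)
{
    int found = 0;
    for (size_t i = 0; i < NUM_BOUNDARY; i++) {
        for (size_t j = 0; j < NUM_BOUNDARY; j++) {
            uint32_t ptr = boundary_values[i], len = boundary_values[j];
            if (probe(ptr, len) && !range_is_user(ptr, len)) {
                found++;
                if (verbose)
                    printf("accepted kernel range: ptr=0x%08" PRIX32
                           " len=0x%08" PRIX32 "\n", ptr, len);
            }
        }
    }
    return found;
}

int main(void)
{
    printf("naive check: %d boundary pairs slip through\n",
           count_bypasses(probe_naive, true));
    printf("safe check:  %d boundary pairs slip through\n",
           count_bypasses(probe_safe, false));
    return 0;
}
```

Every pair that slips through the naive check involves at least one value from the top of the address space or the user/kernel split; none of the "ordinary" values trigger it, which is the point the quoted text makes about boundary conditions being easy to miss. The same loop can be pointed at any pair-of-parameters validator by swapping the probe routine.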
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:47:05 PDT