Open letter to microsucks.

>From: Microsoft Product Security <secnotifat_private>
>Reply-To: Microsoft Product Security <secnotifat_private>
>To: BUGTRAQat_private
>Subject: Microsoft Security Bulletin (MS00-005)
>Date: Mon, 17 Jan 2000 16:49:11 -0800

They failed to mention me! and btw it is possible to execute arbitrary code by abusing the fact that one can control ECX also. At least on Win98.

"This means that an attacker who wanted to run arbitrary code would need to write a program whose machine language consisted entirely of lower-case alphanumeric data. Microsoft engineers have thoroughly studied this aspect of the vulnerability, and we believe that this is not feasible."

So an attacker does just that. Push and pop instructions have nice opcodes. Check Securityfocus database...

I made a file which when opened by double clicking runs an eternal loop. Trace that.. Works in Win98 at least. But not limited to. No warranty. Check it. Use your brain.

If Microsucks wants users to audit their shit they should at least give the credit to whom the credit is due.

Fix http://www.microsoft.com/security/bulletins/MS00-005faq.asp credits also.

thanks