Re: White paper: Exploiting the Win32 API.

From: Adam Megacz (adamat_private)
Date: Wed Aug 07 2002 - 11:10:09 PDT

Roland Kaufmann <rolandat_private> writes:
> > 3)  Microsoft cannot fix these vulnerabilities.

> (b) WM_TIMER messages are posted to the message queue and can be
> filtered by the application, as stated in the documentation for
> this message. The application can have a list over timers and check
> this for validity. (Moral of the story: Don't trust window message
> parameters any more than user input).

I believe this was his point -- Microsoft cannot fix this; we have to
rewrite every single Win32 application and arrange for it to maintain
this list.

This vulnerability strikes me as very similar to gets() -- the OS (or
C library) has provided a primitive which makes it seductively easy to
write insecure code.

  - a


-- 
Sick of HTML user interfaces?
www.xwt.org

Amendment XXVIII: "thou shalt maximize thy stock price at all costs"
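
The timer-list check Roland describes, as an added example that is not part of this thread: the application records every timer it creates itself and, between GetMessage() and DispatchMessage(), drops any WM_TIMER whose window, timer id or callback address does not match a recorded timer, so a posted WM_TIMER carrying a foreign lParam is never dispatched. It is written in portable C with stand-in typedefs so it builds without windows.h; the window handle and callback values in the comments are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for the Win32 types so this builds without <windows.h>. */
typedef uintptr_t HWND;
typedef uintptr_t WPARAM;
typedef uintptr_t LPARAM;
#define WM_TIMER 0x0113                 /* real Win32 message number */

struct msg { HWND hwnd; unsigned message; WPARAM wParam; LPARAM lParam; };

/* Registry of timers this application created itself: window, id and the
 * TIMERPROC, stored as the LPARAM value Windows will deliver with it. */
#define MAX_TIMERS 16
static struct { HWND hwnd; uintptr_t id; LPARAM proc; } timers[MAX_TIMERS];
static size_t timer_count;

/* Call this wherever the application calls SetTimer(); proc is 0 for a
 * timer whose WM_TIMER should go to the window procedure instead. */
bool app_register_timer(HWND hwnd, uintptr_t id, LPARAM proc) {
    if (timer_count >= MAX_TIMERS) return false;
    timers[timer_count].hwnd = hwnd;
    timers[timer_count].id = id;
    timers[timer_count].proc = proc;
    timer_count++;
    return true;
}

void app_reset_timers(void) { timer_count = 0; }

/* Filter to run between GetMessage() and DispatchMessage(): a WM_TIMER is
 * dispatched only if its window, id and callback address all match a timer
 * we created. A WM_TIMER with an unknown lParam is dropped, so the address
 * it carries is never called. Every other message passes through. */
bool app_should_dispatch(const struct msg *m) {
    if (m->message != WM_TIMER) return true;
    for (size_t i = 0; i < timer_count; i++)
        if (timers[i].hwnd == m->hwnd && timers[i].id == m->wParam &&
            timers[i].proc == m->lParam)
            return true;
    return false;   /* e.g. hwnd 0x1000, id 2, lParam 0x7f000000 (constructed) */
}
```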