We've let through a number of posts which regard local overflows on Windows. While it is likely that these bugs do not have any security implications, we don't entirely want to discourage discussion of the bugs. It may be possible that a third-party script or other program may call the buggy executable with user-supplied arguments, such as in the case of something like nslookup.exe. These types of bugs could also be indicative of a larger problem in a core .dll which could present remote attack vectors and a potential for exploitation, like for example the webdav/ntdll.dll vulnerability. In any case, preference will be given to reports that include detailed debugging output and possible attack scenarios. Dave McKinney Symantec keyID: BF919DD7 key fingerprint = 494D 6B7D 4611 7A7A 5DBB 3B29 4D89 3A70 BF91 9DD7
This archive was generated by hypermail 2b30 : Tue Apr 29 2003 - 13:00:55 PDT