Bugtraq: Re: White paper: Exploiting the Win32 API.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: White paper: Exploiting the Win32 API.

From: Adam Megacz <adam () xwt org>
Date: 07 Aug 2002 11:10:09 -0700


Roland Kaufmann <roland () ii uib no> writes:

3)  Microsoft cannot fix these vulnerabilities.

(b) WM_TIMER messages are posted to the message queue and can be
filtered by the application, as stated in the documentation for
this message. The application can have a list over timers and check
this for validity. (Moral of the story: Don't trust window message
parameters any more than user input).


I believe this was his point -- Microsoft cannot fix this; we have to
rewrite every single Win32 application and arrange for it to maintain
this list.

This vulnerability strikes me as very similar to gets() -- the OS (or
C library) has provided a primitive which makes it seductively easy to
write insecure code.

  - a


-- 
Sick of HTML user interfaces?
www.xwt.org

Amendment XXVIII: "thou shalt maximize thy stock price at all costs"

By Date By Thread

Current thread:

Re: White paper: Exploiting the Win32 API., (continued)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 06)
- Re: White paper: Exploiting the Win32 API. Roland Kaufmann (Aug 07)
  - Re: White paper: Exploiting the Win32 API. Adam Megacz (Aug 07)
- Re: White paper: Exploiting the Win32 API. Chris Calabrese (Aug 07)
  - Re: White paper: Exploiting the Win32 API. slack3r (Aug 07)
  - RE: White paper: Exploiting the Win32 API. Kenn Humborg (Aug 10)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 07)
- Re: White paper: Exploiting the Win32 API. Simos Xenitellis (Aug 09)