Bugtraq: Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll

From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 15 Jul 2004 15:09:30 -0500

Nick FitzGerald wrote:

I'd say that's because you changed the filetype; pif files simply
contain information on how to handle a DOS executable; they aren't a
program themselves. All you did was make it get confused and kill
itself.


Yeah, but how long is it now since we've been telling programmers
"don't trust user-supplied data"??  (Hmmmm -- does it also fail on
W2K3??)


No, in W2K3 you get "Cannot query the properties for this program. There may
not be enough memory available. blah blah" as opposed to 100% cpu in 2K.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke

By Date By Thread

Current thread:

RE: Unchecked buffer in mstask.dll, (continued)
- RE: Unchecked buffer in mstask.dll Paul Szabo (Jul 15)
  - RE: Unchecked buffer in mstask.dll Dmitry Yu. Bolkhovityanov (Jul 18)
    - RE: [ok] [Full-Disclosure] RE: Unchecked buffer in mstask.dll Curt Purdy (Jul 18)
  - Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll Jordan Cole (stilist) (Jul 18)
    - Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll Nick FitzGerald (Jul 18)
    - Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll Curt Purdy (Jul 18)
- RE: Unchecked buffer in mstask.dll Thor Larholm (Jul 15)