Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: RE: Unchecked buffer in mstask.dll
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 15 Jul 2004 15:09:30 -0500

Nick FitzGerald wrote:
I'd say that's because you changed the filetype; pif files simply
contain information on how to handle a DOS executable; they aren't a
program themselves. All you did was make it get confused and kill
itself.

Yeah, but how long is it now since we've been telling programmers
"don't trust user-supplied data"??  (Hmmmm -- does it also fail on
W2K3??)

No, in W2K3 you get "Cannot query the properties for this program. There may
not be enough memory available. blah blah" as opposed to 100% cpu in 2K.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault