Heya lists & 3APA3A,
3APA3A a écrit :
> Dear full-disclosure_at_lists.grok.org.uk,
>
> There is interesting thing with event logging on Windows. The only
> security aspect of it is event log record tampering and performance
> degradation, but it may become sensitive is some 3rd party software is
> used for automated event log analysis.
>
> The problem is a kind of "Format string" vulnerability where
> user-supplied input is used for event log record. For ReportEvent()
> function %1, %2, etc have a special meaning and are replaced with
> corresponding string from lpStrings.
It looks more like a variable replacement (like $0 $1 ... in bash shell)
than a format string issue to me.
And it seems indeed to be a relevant information disclosure bug.
Cheers,
endrazine-
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 21 2006
Intro
