Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability
From: "Peter Ferrie" <pferrie () symantec com>
Date: Fri, 13 Jan 2006 14:17:02 -0800

Todd Towles:
Can anyone else verify Steve Gibson's assertion that this
flaw was intentionally placed by Microsoft programmers?

It's insecure-by-design, but it's working exactly as written.
It's been in there for _15_ years, and ported to every version of Windows.
Windows 3.0 supports it. :-/
The way I read what he's saying there, he's saying that you enter
malformed input and that malformed input pushes the executable code into
position to be executed...
There is no need for malformed input, though.
The description isn't great, since upon return from the function, Windows
will resume parsing the records in the usual way.
8^) p.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]