Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability
From: bkfsec <bkfsec () sdf lonestar org>
Date: Fri, 13 Jan 2006 18:22:23 -0500

Peter Ferrie wrote:

bkfsec:

The way I read what he's saying there, he's saying that you enter
malformed input and that malformed input pushes the executable code into
position to be executed...

There is no need for malformed input, though.
The description isn't great, since upon return from the function, Windows
will resume parsing the records in the usual way.

8^) p.


I agree - I was focusing on how Gibson described it and his justification of it being a planted vulnerability. *shrug*
            -bkfsec


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]