mailing list archives
Re: Security Bug in MSVC
From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Wed, 18 Jan 2006 11:25:31 -0800
In all this, I am discounting the fact that if someone is building
untrusted sources, (s)he is most likely going to run the untrusted
this does not run an untrusted program.
if you noted, I named it a "feature bug"
and my poc is a simple "hello world" sample
Judging from MS extensive information to me,direct from MSRC, this is an
remote code can be pulled in and executed without any
notice or warning to the user.
I am not leveraging directives for CPP ( cc is the Makefile eqiv)
MSVC tends to hide ( especially these actions ) to the end user.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Security Bug in MSVC Morning Wood (Jan 20)