Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security Bug in MSVC
From: redsand <redsand () redsand net>
Date: Thu, 19 Jan 2006 14:35:21 -0600



i think the author of this advisory is desperate for advisories or attention.

either way he needs to open a disassembler and work on something else.

Pavel Kankovsky wrote:

On Tue, 17 Jan 2006, Morning Wood wrote:

extract, and open hello.dsw
click "batch build, build" or "rebuild all"
code will execute ( calc.exe and notepad.exe used as an example )

What's the point of building a bunch of sources unless
1. you trust their author, or
2. you have made sure their is nothing malicious there?

When you build an executable from untrusted sources, you get an untrusted
executable. Either you run it and you're screwed anyway, or you don't run
it and you wasted your time building it.

(Indeed, there are some marginal cases like when you want to build an executable file intended to run on someone else's computer...)

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]