Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
From: Tavis Ormandy <taviso () cmpxchg8b com>
Date: Thu, 10 Jun 2010 19:59:36 +0200

On Thu, Jun 10, 2010 at 07:21:48PM +0200, Tavis Ormandy wrote:
On Thu, Jun 10, 2010 at 07:02:03PM +0200, Thomas Kristensen wrote:

Nice find, but during our analysis we discovered that your hotfix
unfortunately is inadequate.

For more information see:

Patches are, of course, welcome.

Thanks, Tavis.

Thomas, on some examination, your theory looks accurate, good catch :-)

This doesnt seem unsurmountable, but I'm reluctant to update the patch
which was only intended as a last resort. I'll work on some ideas to
address this.

If you have any thoughts, please let me know.

Thanks, Tavis.

taviso () cmpxchg8b com | pgp encrypted mail preferred

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]