<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Re: Delphi and buffer overflows

Re: Delphi and buffer overflows

From: Nicolas RUFF <nicolas.ruff_at_gmail.com>
Date: Tue, 18 Apr 2006 18:42:29 +0200

1/ If you mean "Delphi programs are immune to buffer overflows because
they have a 'String' data type", you're wrong.

See the recent Argosoft FTP Server vulnerability, which is a plain
exploitable heap overflow vulnerability. Remember that Delphi has to
handle C-style strings to communicate with Windows Native API.

2/ IMHO, decompiling Delphi programs is useless. Most Delphi
applications are compiled as native x86 applications nowadays (e.g.
Skype), and will be perfectly handled by IDA Pro, with full support of
Delphi signatures.

Regards,
- Nicolas RUFF
Received on Apr 18 2006

This message: [ Message body ]
Next message: newslist_at_security-briefings.com: "New site about security conferences : www.security-briefings.com"
Previous message: Valdis.Kletnieks_at_vt.edu: "Re: Sourceforge.net XSS"
In reply to: Alice Bryson: "Re: Delphi and buffer overflows"
Next in thread: Alice Bryson: "Re: Delphi and buffer overflows"
Reply: Alice Bryson: "Re: Delphi and buffer overflows"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos