On Mon, 27 Mar 2006, Brian Eaton wrote:
> If I run a pure-java browser, for example, no web site's HTML code is
> going to cause a buffer overflow in the parser.
Even a "pure-java browser" would rest on the top of a huge pile of native
code (OS, JRE, native libraries). A seemingly innocent piece of data
passed to that native code might trigger a bug (perhaps even a buffer
overflow) in it...
Unlikely (read: less likely than a direct attack vector) but still
possible.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics
ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------
Received on Mar 28 2006
Intro
