Full Disclosure mailing list archives

Re: Security Bug in MSVC

From: "Morning Wood" <se_cur_ity () hotmail com>
Date: Wed, 18 Jan 2006 11:25:31 -0800

In all this, I am discounting the fact that if someone is building
untrusted sources, (s)he is most likely going to run the untrusted
program afterwards.


this does not run an untrusted program.
if you noted, I named it a "feature bug"
and my poc is a simple "hello world" sample

Judging from MS extensive information to me,direct from MSRC, this is an
issue.
remote code can be pulled in and executed without any
notice or warning to the user.
I am not leveraging directives for CPP ( cc is the Makefile eqiv)

MSVC tends to hide ( especially these actions ) to the end user.

cheers,
Donnie
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Security Bug in MSVC Morning Wood (Jan 17)
- Re: Security Bug in MSVC ad () heapoverflow com (Jan 17)
  - Re: Security Bug in MSVC Stan Bubrouski (Jan 17)
- Re: Security Bug in MSVC Jason Coombs (Jan 17)
  - Re: Security Bug in MSVC Dave Korn (Jan 18)
    - Re: Re: Security Bug in MSVC Jason Coombs (Jan 18)
    - Re: Re: Security Bug in MSVC bkfsec (Jan 18)
    - Re: Re: Security Bug in MSVC Dave Korn (Jan 19)
- Re: Security Bug in MSVC Joachim Schipper (Jan 18)
  - Re: Security Bug in MSVC Morning Wood (Jan 18)
- Re: Security Bug in MSVC Pavel Kankovsky (Jan 19)
  - Re: Security Bug in MSVC redsand (Jan 19)
    - Re: Security Bug in MSVC Stan Bubrouski (Jan 19)
    - Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
    - Re: Security Bug in MSVC redsand (Jan 19)
    - Re: Security Bug in MSVC ad () heapoverflow com (Jan 19)
  - Re: Security Bug in MSVC Morning Wood (Jan 19)
- <Possible follow-ups>
- Re: Security Bug in MSVC Otter E (Jan 19)