[12146] in bugtraq
Re: ActiveX Buffer Overruns
daemon@ATHENA.MIT.EDU (Chris)
Wed Oct 6 15:13:19 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <199910061115.VAA03824@aussie.org>
Date: Wed, 6 Oct 1999 21:18:05 +1000
Reply-To: Chris <mlnn4@oaks.com.au>
From: Chris <mlnn4@OAKS.COM.AU>
X-To: "BUGTRAQ@SECURITYFOCUS.COM" <BUGTRAQ@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
On Mon, 4 Oct 1999 07:52:53 +0200, Aviram Jenik wrote:
>Buffers passed to a COM object (or ActiveX control: it's the same thing) are
>marshaled by the COM subsystem [snip]
Scuse me for butting in, but I have to say that this is only partially
correct.
YES, the com subsystem will marshall data sent to/from a 'remote' COM object
(be that a separate process on the same system, or a process on a remote
machine).
But NO, the com subsystem does NOT marshall data for an inproc server (i.e.
any COM object exposed as a .DLL, .OCX, or .whatever-Microsoft-calls-them-
today.
If the object is loaded into the calling processes address space, then the
method and property accesses are not marshalled.
As the majority of COM object accesses of the type we are talking about in
-this- thread (that being, I understand, activeX or other com objects
embedded in a browser's rendition of a web page) are in fact inproc, then
marshalling is not a factor that can be relied upon.
-- Chris
