[26578] in bugtraq
Re: White paper: Exploiting the Win32 API.
daemon@ATHENA.MIT.EDU (Adam Megacz)
Wed Aug 7 14:40:50 2002
To: bugtraq@securityfocus.com
From: Adam Megacz <adam@xwt.org>
Date: 07 Aug 2002 11:10:09 -0700
In-Reply-To: Roland Kaufmann's message of "7 Aug 2002 13:49:23 -0000"
Message-ID: <86lm7ih75q.fsf@megacz.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Roland Kaufmann <roland@ii.uib.no> writes:
> > 3) Microsoft cannot fix these vulnerabilities.
> (b) WM_TIMER messages are posted to the message queue and can be
> filtered by the application, as stated in the documentation for
> this message. The application can have a list over timers and check
> this for validity. (Moral of the story: Don't trust window message
> parameters any more than user input).
I believe this was his point -- Microsoft cannot fix this; we have to
rewrite every single Win32 application and arrange for it to maintain
this list.
This vulnerability strikes me as very similar to gets() -- the OS (or
C library) has provided a primitive which makes it seductively easy to
write insecure code.
- a
--
Sick of HTML user interfaces?
www.xwt.org
Amendment XXVIII: "thou shalt maximize thy stock price at all costs"
