Bugtraq mailing list archives
Re: White paper: Exploiting the Win32 API.
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Tue, 06 Aug 2002 22:51:46 +0200
"John Howie" <JHowie () securitytoolkit com> writes:
This class of attack is not new, it has been discussed before. While you can assert that the blame lies with Microsoft (and I'll admit they do have some responsibility to address the problem you describe)
A bit of MSDN browsing revealed that Microsoft has already "fixed" the vulnerabilites, despite the claim that this was impossible. The concepts are called "window stations" and "desktops", and there is plenty of documentation. Everything is there: separate sets of hooks, separate message queues, and so on. Maybe there are some flaws, but the overall design seems to be sound. -- Florian Weimer Weimer () CERT Uni-Stuttgart DE University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898
Current thread:
- White paper: Exploiting the Win32 API. Chris Paget (Aug 06)
- Re: White paper: Exploiting the Win32 API. Chad Loder (Aug 06)
- Re: White paper: Exploiting the Win32 API. Florian Weimer (Aug 06)
- Re: White paper: Exploiting the Win32 API. Andrey Kolishak (Aug 10)
- Re: White paper: Exploiting the Win32 API. Paul Starzetz (Aug 27)
- <Possible follow-ups>
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 06)
- Re: White paper: Exploiting the Win32 API. Chris Paget (Aug 06)
- Re: White paper: Exploiting the Win32 API. Florian Weimer (Aug 06)
- RE: White paper: Exploiting the Win32 API. Marc Maiffret (Aug 10)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 06)
- Re: White paper: Exploiting the Win32 API. Roland Kaufmann (Aug 07)
- Re: White paper: Exploiting the Win32 API. Adam Megacz (Aug 07)
- Re: White paper: Exploiting the Win32 API. Chris Calabrese (Aug 07)
- Re: White paper: Exploiting the Win32 API. slack3r (Aug 07)
- RE: White paper: Exploiting the Win32 API. Kenn Humborg (Aug 10)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 07)
- Re: White paper: Exploiting the Win32 API. Simos Xenitellis (Aug 09)
- RE: White paper: Exploiting the Win32 API. Rothe, Greg (G.A.) (Aug 28)
(Thread continues...)