Dailydave mailing list archives
RE: WMF and the Windows Vulnerability Drought :>
From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 5 Jan 2006 11:25:35 -0000
Michael A Stevens wrote:
From
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/gdi/wingdistart_9ezp.asp
"Security Considerations: GDI
.... Bitmaps, metafiles, and fonts are complex structures that could become corrupted. It is good practice to try to ensure that these items are uncorrupted and from a trustworthy source.
Perhaps whoever wrote that should have hit the IE developers with their clue-stick.
Even more so whoever it was decided to move GDI into kernel-mode. I'd bet my $VALUABLE_ANATOMY_PART that there are masses of ring0 exploits yet to be found in NtGdiXxxx/NtUserXxxx functions. Privilege escalation, anyone? ;)
cheers,
DaveK
--
Can't think of a witty .sigline today....