Bugtraq mailing list archives

Re: ActiveX Buffer Overruns


From: mlnn4 () OAKS COM AU (Chris)
Date: Wed, 6 Oct 1999 21:18:05 +1000


On Mon, 4 Oct 1999 07:52:53 +0200, Aviram Jenik wrote:
> Buffers passed to a COM object (or ActiveX control: it's the same thing) are
> marshaled by the COM subsystem [snip]

Scuse me for butting in, but I have to say that this is only partially
correct.

YES, the COM subsystem will marshal data sent to/from a 'remote' COM object
(be that a separate process on the same system, or a process on a remote
machine).

But NO, the COM subsystem does NOT marshal data for an inproc server (i.e.
any COM object exposed as a .DLL, .OCX, or
.whatever-Microsoft-calls-them-today).

If the object is loaded into the calling process's address space, then the
method and property accesses are not marshalled.

As the majority of COM object accesses of the type we are talking about in
-this- thread (that being, I understand, ActiveX or other COM objects
embedded in a browser's rendition of a web page) are in fact inproc, then
marshalling is not a factor that can be relied upon.

-- Chris

