Bugtraq mailing list archives
Re: White paper: Exploiting the Win32 API.
From: Chris Calabrese <chris_calabrese () yahoo com>
Date: Wed, 7 Aug 2002 06:38:13 -0700 (PDT)
So let me get this straight. Allowing unpriveleged processes to send control messages to priveleged processes is not a flaw in the Win32 API because there is a mechanism for applications to protect themselves from this type of attack (alternate Windows Stations/Desktops). But the mechanism effectively prevents the priveleged processes from providing a GUI because the user won't be able to actually see the alternate Windows Stations/Desktops without some kind of Station switching tool, and/or extra training in how to do this. So, the result is that no applications actually use this mechanism. What part of "this is broken" doesn't make sense? __________________________________________________ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com
Current thread:
- Re: White paper: Exploiting the Win32 API., (continued)
- Re: White paper: Exploiting the Win32 API. Florian Weimer (Aug 06)
- Re: White paper: Exploiting the Win32 API. Andrey Kolishak (Aug 10)
- Re: White paper: Exploiting the Win32 API. Paul Starzetz (Aug 27)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 06)
- Re: White paper: Exploiting the Win32 API. Chris Paget (Aug 06)
- Re: White paper: Exploiting the Win32 API. Florian Weimer (Aug 06)
- RE: White paper: Exploiting the Win32 API. Marc Maiffret (Aug 10)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 06)
- Re: White paper: Exploiting the Win32 API. Roland Kaufmann (Aug 07)
- Re: White paper: Exploiting the Win32 API. Adam Megacz (Aug 07)
- Re: White paper: Exploiting the Win32 API. Chris Calabrese (Aug 07)
- Re: White paper: Exploiting the Win32 API. slack3r (Aug 07)
- RE: White paper: Exploiting the Win32 API. Kenn Humborg (Aug 10)
- RE: White paper: Exploiting the Win32 API. John Howie (Aug 07)
- Re: White paper: Exploiting the Win32 API. Simos Xenitellis (Aug 09)
- RE: White paper: Exploiting the Win32 API. Rothe, Greg (G.A.) (Aug 28)
- RE: White paper: Exploiting the Win32 API. Drew (Aug 28)
- Re: White paper: Exploiting the Win32 API. Chris Paget (Aug 29)
- RE: White paper: Exploiting the Win32 API. Drew (Aug 28)