Bugtraq mailing list archives

Re: White paper: Exploiting the Win32 API.


From: Chris Calabrese <chris_calabrese () yahoo com>
Date: Wed, 7 Aug 2002 06:38:13 -0700 (PDT)

So let me get this straight.

Allowing unprivileged processes to send control messages to privileged
processes is not a flaw in the Win32 API because there is a mechanism
for applications to protect themselves from this type of attack
(alternate Windows Stations/Desktops).

But the mechanism effectively prevents the privileged processes from
providing a GUI because the user won't be able to actually see the
alternate Windows Stations/Desktops without some kind of Station
switching tool, and/or extra training in how to do this.

So, the result is that no applications actually use this mechanism.

What part of "this is broken" doesn't make sense?
