Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: White paper: Exploiting the Win32 API.

From: Adam Megacz <adam () xwt org>
Date: 07 Aug 2002 11:10:09 -0700

Roland Kaufmann <roland () ii uib no> writes:

3)  Microsoft cannot fix these vulnerabilities.



(b) WM_TIMER messages are posted to the message queue and can be
filtered by the application, as stated in the documentation for
this message. The application can have a list over timers and check
this for validity. (Moral of the story: Don't trust window message
parameters any more than user input).


I believe this was his point -- Microsoft cannot fix this; we have to
rewrite every single Win32 application and arrange for it to maintain
this list.

This vulnerability strikes me as very similar to gets() -- the OS (or
C library) has provided a primitive which makes it seductively easy to
write insecure code.

  - a


-- 
Sick of HTML user interfaces?
www.xwt.org

Amendment XXVIII: "thou shalt maximize thy stock price at all costs"
Previous By Date Next
Previous By Thread Next

Current thread: