Full Disclosure mailing list archives

RE: Re: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability


From: "Peter Ferrie" <pferrie () symantec com>
Date: Fri, 13 Jan 2006 14:17:02 -0800

Todd Towles:
 
Can anyone else verify Steve Gibson's assertion that this
flaw was intentionally placed by Microsoft programmers?

It's insecure-by-design, but it's working exactly as written.
It's been in there for _15_ years, and ported to every version of Windows.
Windows 3.0 supports it. :-/
 
bkfsec:
 
The way I read what he's saying there, he's saying that you enter
malformed input and that malformed input pushes the executable code into
position to be executed...
 
There is no need for malformed input, though.
The description isn't great, since upon return from the function, Windows
will resume parsing the records in the usual way.
 
8^) p.
 
 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
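Since the message above notes that no malformed input is needed, a scanner cannot rely on structural errors and has to look for the record itself. The following is an added example, not part of the original post: it walks the records of a well-formed WMF and reports META_ESCAPE records that select SETABORTPROC. The record layout and constants follow the published WMF format; the function names and sample data are constructed for illustration.

```python
import struct

META_ESCAPE = 0x0626          # WMF record function: Escape
SETABORTPROC = 0x0009         # escape function that registers an abort procedure
PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header

def find_setabortproc(data: bytes) -> list:
    """Return byte offsets of META_ESCAPE records selecting SETABORTPROC."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("truncated META_HEADER")
    pos += 18                         # fixed-size META_HEADER
    hits = []
    while pos + 6 <= len(data):
        size_words, function = struct.unpack_from("<IH", data, pos)
        if size_words < 3 or function == 0:   # bad size, or META_EOF
            break
        if function == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2         # sizes are counted in 16-bit words
    return hits

# Constructed sample data: structurally valid records, placeholder payload.
def record(function: int, params: bytes = b"") -> bytes:
    return struct.pack("<IH", (6 + len(params)) // 2, function) + params

def sample(records: list) -> bytes:
    body = b"".join(records) + record(0)              # META_EOF terminator
    size_words = (18 + len(body)) // 2
    # Type, HeaderSize (words), Version, Size, NumberOfObjects,
    # MaxRecord (left 0 in this sample), NumberOfMembers
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, size_words, 0, 0, 0) + body

SETMAPMODE = record(0x0103, struct.pack("<H", 1))     # META_SETMAPMODE, MM_TEXT
NEWFRAME = record(META_ESCAPE, struct.pack("<HH", 1, 0))   # unrelated escape
ABORTPROC = record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + bytes(4))

CLEAN = sample([SETMAPMODE, NEWFRAME, SETMAPMODE])
FLAGGED = sample([SETMAPMODE, ABORTPROC, SETMAPMODE])

if __name__ == "__main__":
    print(find_setabortproc(CLEAN), find_setabortproc(FLAGGED))
```

Both samples parse cleanly from header to META_EOF; only the escape function number distinguishes them.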

