Administrivia: Local Windows Overflows

[Dave McKinney <dm () securityfocus com>]

We've let through a number of posts which regard local overflows on
Windows.  While it is likely that these bugs do not have any security
implications, we don't entirely want to discourage discussion of the bugs.
It may be possible that a third-party script or other program may call the
buggy executable with user-supplied arguments, such as in the case of
something like nslookup.exe.  These types of bugs could also be indicative
of a larger problem in a core .dll which could present remote attack
vectors and a potential for exploitation, like for example the
webdav/ntdll.dll vulnerability.

In any case, preference will be given to reports that include detailed
debugging output and possible attack scenarios.

Dave McKinney
Symantec

keyID: BF919DD7
key fingerprint = 494D 6B7D 4611 7A7A 5DBB  3B29 4D89 3A70 BF91 9DD7