Vulnerability Development mailing list archives
RE: VisualBasic auditing
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 18 Feb 2003 14:31:14 -0500
Don't be so sure that buffer overflows won't work; a lot of VB applications rely on DLLs and other such goodies that are written in C++. I've seen many cases where they had a VB coder do most of the app (because they are cheaper to pay), only to farm out specific sections to a C++ coder because the functionality in VB wasn't there. In many ways, if you have the VB source code, it should be easy to check for buffer overflows in and external components because you'll have the layout of the data that gets passed back and forth laid out for you in the code.
-----Original Message----- From: Some d00d [mailto:shavidi () yahoo com] Sent: Sunday, February 16, 2003 2:13 PM To: vuln-dev () securityfocus com Subject: VisualBasic auditing Hi folks I am auditing some network application and a significant number of them are written in MS Visual Basic. Have anyone done some work on exploiting VB software before? I assume that traditional methods such as buffer overflows will not work here. Are there any tools around for this (such as VB disassemblers and de-scramblers)? Can you point me to any sources of information? Thanks in advance, SD
Current thread:
- VisualBasic auditing Some d00d (Feb 18)
- RE: VisualBasic auditing Rob Shein (Feb 18)
- Re: VisualBasic auditing Cesar (Feb 18)
- Re: VisualBasic auditing2 gr00vy (Feb 20)
- Re: VisualBasic auditing Voguemaster (Feb 20)
- Re: VisualBasic auditing Arjun Pednekar (Feb 20)
- <Possible follow-ups>
- RE: VisualBasic auditing Kayne Ian (Softlab) (Feb 20)