Vulnerability Development mailing list archives
Re: Delphi and buffer overflows
From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Tue, 18 Apr 2006 18:42:29 +0200
1/ If you mean "Delphi programs are immune to buffer overflows because they have a 'String' data type", you're wrong. See the recent Argosoft FTP Server vulnerability, which is a plain exploitable heap overflow vulnerability. Remember that Delphi has to handle C-style strings to communicate with Windows Native API. 2/ IMHO, decompiling Delphi programs is useless. Most Delphi applications are compiled as native x86 applications nowadays (e.g. Skype), and will be perfectly handled by IDA Pro, with full support of Delphi signatures. Regards, - Nicolas RUFF
Current thread:
- Re: Delphi and buffer overflows Majid2k (Apr 03)
- Re: Delphi and buffer overflows Valdis . Kletnieks (Apr 04)
- Re: Delphi and buffer overflows Gadi Evron (Apr 08)
- Re: Delphi and buffer overflows André Gil (Apr 08)
- Re: Delphi and buffer overflows Alice Bryson (Apr 12)
- Re: Delphi and buffer overflows Nicolas RUFF (Apr 18)
- Re: Delphi and buffer overflows Alice Bryson (Apr 19)
- Re: Delphi and buffer overflows Gadi Evron (Apr 08)
- Re: Delphi and buffer overflows Valdis . Kletnieks (Apr 04)