From: "FromTheRafters" erratic on
"Ant" <not(a)home.today> wrote in message
news:49adnS4hc88yxNXRnZ2dnUVZ8gWdnZ2d(a)brightview.co.uk...
> "FromTheRafters" wrote:
>
>> "Ant" wrote:
>>> The bug has been around for so long that I'm surprised it hasn't been
>>> exploited earlier. Reminds me of the WMF vulnerability but worse.
>>
>> ...or this:
>>
>> http://en.wikipedia.org/wiki/Format_string_attack
>>
>> Sometimes, the blackhats can keep a secret for an extended period.
>
> An old problem, indeed, but not at all similar. It's not an auto-
> execute thing. Any program written in C or other languages using
> printf-like functions with a variable number of arguments and
> accepting unchecked input is a risk. That's just very bad programming;
> really, a newbie mistake.

Not at all similar, except in respect to the surprise aspect you mentioned.
Sometimes things are around for a long time before knowledge of them becomes
public.


From: "FromTheRafters" erratic on

"Virus Guy" <Virus(a)Guy.com> wrote in message
news:4C48D1A6.BDA146FE(a)Guy.com...
> FromTheRafters wrote:
>
>> >> Ok. If I can find a spare hard disk I might check Win ME.
>> >
>> > Won't matter. The malformed .lnk file (as published) doesn't work
>> > on 9x/ME.
>>
>> I'm reasonably sure that Ant is capable of otherwise "porting" it
>> for Win ME to test for himself
>
> I didn't say he wasn't capable.
>
> I'm saying that there isn't enough of a difference in ME's shell
> compared to win-98se that would make it vulnerable to this exploit.

I see. I was just reacting to the "as published" .lnk file. The 'as
published' exploit may have been NT *vector* specific but not actually
exclusive (once ported) as a demonstrable vulnerability for 9x.


From: Dustin on
"FromTheRafters" <erratic @nomail.afraid.org> wrote in
news:i2hcd4$kun$1(a)news.eternal-september.org:

> "Ant" <not(a)home.today> wrote in message
> news:49adnS4hc88yxNXRnZ2dnUVZ8gWdnZ2d(a)brightview.co.uk...
>> "FromTheRafters" wrote:
>>
>>> "Ant" wrote:
>>>> The bug has been around for so long that I'm surprised it hasn't
>>>> been exploited earlier. Reminds me of the WMF vulnerability but
>>>> worse.
>>>
>>> ...or this:
>>>
>>> http://en.wikipedia.org/wiki/Format_string_attack
>>>
>>> Sometimes, the blackhats can keep a secret for an extended period.
>>
>> An old problem, indeed, but not at all similar. It's not an auto-
>> execute thing. Any program written in C or other languages using
>> printf-like functions with a variable number of arguments and
>> accepting unchecked input is a risk. That's just very bad
>> programming; really, a newbie mistake.
>
> Not at all similar, except in respect to the surprise aspect you
> mentioned. Sometimes things are around for a long time before
> knowledge of them becomes public.
>
>
>

I could have sworn this exploit had been discussed several years ago...


--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.


From: FromTheRafters on
"Dustin" <bughunter.dustin(a)gmail.com> wrote in message
news:Xns9DC0BCCCEFE3EHHI2948AJD832(a)69.16.185.250...
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in
> news:i2hcd4$kun$1(a)news.eternal-september.org:
>
>> "Ant" <not(a)home.today> wrote in message
>> news:49adnS4hc88yxNXRnZ2dnUVZ8gWdnZ2d(a)brightview.co.uk...
>>> "FromTheRafters" wrote:
>>>
>>>> "Ant" wrote:
>>>>> The bug has been around for so long that I'm surprised it hasn't
>>>>> been exploited earlier. Reminds me of the WMF vulnerability but
>>>>> worse.
>>>>
>>>> ...or this:
>>>>
>>>> http://en.wikipedia.org/wiki/Format_string_attack
>>>>
>>>> Sometimes, the blackhats can keep a secret for an extended period.
>>>
>>> An old problem, indeed, but not at all similar. It's not an auto-
>>> execute thing. Any program written in C or other languages using
>>> printf-like functions with a variable number of arguments and
>>> accepting unchecked input is a risk. That's just very bad
>>> programming; really, a newbie mistake.
>>
>> Not at all similar, except in respect to the surprise aspect you
>> mentioned. Sometimes things are around for a long time before
>> knowledge of them becomes public.
>>
>>
>>
>
> I could have sworn this exploit had been discussed several years
> ago...

A decade in the case of format string attacks.


From: Dustin on
"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in news:i2igpt$ov3$1
@news.eternal-september.org:

>> I could have sworn this exploit had been discussed several years
>> ago...
>
> A decade in the case of format string attacks.

I still blame lazy programmers for that. Seriously, how much more time
does it take a person to write the code to verify the buffer has enough
room for the string; and to invalidate bad configuration data? :(


--
"I like your Christ. I don't like your Christians. They are so unlike
your Christ." - author unknown.
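
An added example, not part of any post in this thread: the format string mistake described above next to the fix, with the "enough room" check from the last post. The names log_safe and count_conversions and the sample input are hypothetical, made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE (shown as a comment, not compiled): untrusted text is the format.
 *     snprintf(out, n, user);
 * Any %x, %s or %n in `user` makes the call consume arguments that were
 * never passed. gcc reports this pattern with -Wformat-security. */

/* AFTER: the format is a constant and the input is only data.
 * Returns 0 on success, -1 if `out` is too small; truncation is treated
 * as an error instead of being silently accepted. */
int log_safe(char *out, size_t n, const char *user) {
    int need = snprintf(out, n, "%s", user);
    if (need < 0 || (size_t)need >= n)
        return -1;
    return 0;
}

/* Review aid: count conversion specifiers in untrusted text.
 * "%%" is a literal percent sign; a lone trailing '%' is not counted. */
int count_conversions(const char *s) {
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0')
            hits++;
    }
    return hits;
}

int main(void) {
    const char *sample = "name=%x.%x.%n";   /* constructed input */
    char buf[32];
    if (log_safe(buf, sizeof buf, sample) == 0)
        printf("stored literally: %s (%d specifiers seen)\n",
               buf, count_conversions(sample));
    return 0;
}
```
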