> In all this, I am discounting the fact that if someone is building > untrusted sources, (s)he is most likely going to run the untrusted > program afterwards.
this does not run an untrusted program. if you noted, I named it a "feature bug" and my poc is a simple "hello world" sample Judging from MS extensive information to me,direct from MSRC, this is an issue. remote code can be pulled in and executed without any notice or warning to the user. I am not leveraging directives for CPP ( cc is the Makefile eqiv) MSVC tends to hide ( especially these actions ) to the end user. cheers, Donnie _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
