Cesar Cerrudo wrote a nice little paper about Microsoft's MS05-049 patch for a vulnerability in csrss that was supposedly fixed earlier in the MS05-018 patch:

http://www.argeniss.com/research/MSBugPaper.pdf ("Story of a Dumb Patch")

The paper points out that the earlier "fix" added a validation function prior to a call to the vulnerable function, but that there remained other code paths to access the vulnerable function.

The new fix addressed the actual vulnerable function.

Stuart Moore
SecurityGlobal.net LLC
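
The pattern described above, as an added example that is not part of the original message or of the paper: a check placed at one call site leaves other routes to the same function open, while a check inside the function covers every caller. All names are hypothetical, and the bug class (an unchecked copy length) is an assumption chosen for illustration; the message does not describe the csrss flaw itself.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16   /* logical size of the destination buffer */
#define ARENA_SIZE 32   /* buffer plus stand-in "adjacent memory" (keeps the demo well-defined) */

typedef int (*path_fn)(unsigned char *, const unsigned char *, size_t);

/* Sink before any fix: trusts the caller to have checked len. */
static int sink_unchecked(unsigned char *dst, const unsigned char *src, size_t len) {
    memcpy(dst, src, len);
    return 0;
}

/* First-patch style: a separate validation function, called on one path only. */
static int validate_len(size_t len) { return len <= BUF_SIZE; }

static int path_a_guarded(unsigned char *dst, const unsigned char *src, size_t len) {
    if (!validate_len(len)) return -1;
    return sink_unchecked(dst, src, len);
}

/* A second route to the same sink that the call-site patch never touched. */
static int path_b_unguarded(unsigned char *dst, const unsigned char *src, size_t len) {
    return sink_unchecked(dst, src, len);
}

/* Second-fix style: the check lives in the sink, so every caller inherits it. */
static int sink_checked(unsigned char *dst, const unsigned char *src, size_t len) {
    if (len > BUF_SIZE) return -1;
    memcpy(dst, src, len);
    return 0;
}

/* Drives one path with a constructed input; returns 1 if bytes past BUF_SIZE changed. */
static int clobbers_adjacent(path_fn path, size_t len) {
    unsigned char arena[ARENA_SIZE], src[ARENA_SIZE];
    memset(arena, 0xAA, sizeof arena);
    memset(src, 0x41, sizeof src);
    path(arena, src, len > ARENA_SIZE ? ARENA_SIZE : len);
    for (size_t i = BUF_SIZE; i < ARENA_SIZE; i++)
        if (arena[i] != 0xAA) return 1;
    return 0;
}

int main(void) {
    printf("guarded path A:   %d\n", clobbers_adjacent(path_a_guarded, 24));
    printf("unguarded path B: %d\n", clobbers_adjacent(path_b_unguarded, 24));
    printf("sink-level check: %d\n", clobbers_adjacent(sink_checked, 24));
    return 0;
}
```

When reviewing a patch of this shape, enumerate every caller of the affected function rather than only the one named in the advisory.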
