Hi,
Cesar Cerrudo wrote a nice little paper about Microsoft's MS05-049 patch
for a vulnerability in csrss that was supposedly fixed earlier in the
MS05-018 patch:
http://www.argeniss.com/research/MSBugPaper.pdf ("Story of a Dumb Patch")
The paper points out that the earlier "fix" added a validation function
prior to a call to the vulnerable function, but that there remained
other code paths to access the vulnerable function.
The new fix addressed the actual vulnerable function.
Stuart
--
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
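
The patching pattern summarized in the message above, as an added C sketch that is not part of the original message or the paper and is not csrss code. Every function name, the 16-byte buffer and the OVERRUN return code are constructed for illustration; the unchecked sink reports an oversized copy instead of performing it so the program stays memory-safe.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16
enum result { OK, REJECTED, OVERRUN };
typedef struct { char data[BUF_LEN]; } slot_t;

/* Hypothetical sink with no bounds check of its own. An oversized copy
 * is reported as OVERRUN (standing in for memory corruption), not done. */
static enum result sink_unchecked(slot_t *s, const char *src, size_t n) {
    if (n > BUF_LEN) return OVERRUN;
    memcpy(s->data, src, n);
    return OK;
}

/* First-fix shape: validation sits in front of ONE call site only. */
static int validate_len(size_t n) { return n <= BUF_LEN; }
enum result path_a_first_fix(slot_t *s, const char *src, size_t n) {
    if (!validate_len(n)) return REJECTED;
    return sink_unchecked(s, src, n);
}

/* Another code path to the same sink that never received the check. */
enum result path_b_first_fix(slot_t *s, const char *src, size_t n) {
    return sink_unchecked(s, src, n);
}

/* Second-fix shape: the sink enforces its own precondition, so every
 * caller, present or future, is covered. */
static enum result sink_checked(slot_t *s, const char *src, size_t n) {
    if (s == NULL || src == NULL || n > BUF_LEN) return REJECTED;
    memcpy(s->data, src, n);
    return OK;
}
enum result path_a_second_fix(slot_t *s, const char *src, size_t n) { return sink_checked(s, src, n); }
enum result path_b_second_fix(slot_t *s, const char *src, size_t n) { return sink_checked(s, src, n); }

typedef enum result (*path_fn)(slot_t *, const char *, size_t);
/* Drive one path with constructed input: n bytes of 'A' (n capped at 64). */
enum result run_path(path_fn path, size_t n) {
    static char input[64];
    slot_t s;
    if (n > sizeof input) n = sizeof input;
    memset(input, 'A', sizeof input);
    return path(&s, input, n);
}

int main(void) { /* exit 0 when only the second fix stops path B */
    return !(run_path(path_b_first_fix, 32) == OVERRUN &&
             run_path(path_b_second_fix, 32) == REJECTED);
}
```

When reviewing a fix of the first shape, enumerate every caller of the patched sink (cross-references in a disassembler or a call-graph query over the source) and confirm each one passes through the new validation.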