On 30 July 2009 at 09:36:09 Soh Kam Yung wrote:
> [http://arstechnica.com/microsoft/news/2009/07/a-single-extra-resulted-in-ie-exploit.ars]
>
> Microsoft isn't alone: I've made this mistake also. Anybody else want
> to confess?
If I understand correctly, this happened because Visual Studio had a defective
template, and as per the "Best Practices" everyone happily clicked on the
code wizards etc. and never bothered to look into the code that was being
generated automagically.
Is that right?
Regards
Anand
>
> =====
> Microsoft has admitted that a single extra ampersand ("&") resulted in
> the recently patched Internet Explorer exploit.
> By Emil Protalinski | Last updated July 29, 2009 3:22 PM CT
>
> [...]
>
> "The extra '&' character in the vulnerable code causes the code to
> write potentially untrusted data, of size cbSize, to the address of
> the pointer to the array, pbArray, rather than write the data into the
> array, and the pointer is on the stack. This is a stack-based buffer
> overrun vulnerability." The typo corrupted the code of the MSVidCtl
> ActiveX control used by Internet Explorer.
>
> Here is the line in question:
>
> hr = pStream->Read((void*)&pbArray, (ULONG)cbSize, NULL);
> should be
> hr = pStream->Read((void*)pbArray, (ULONG)cbSize, NULL);
>
> [...]
> =====
_______________________________________________
Slugnet mailing list
[email protected]
http://wiki.lugs.org.sg/LugsMailingListFaq
http://www.lugs.org.sg/mailman/listinfo/slugnet
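The quoted explanation is easy to misread, so here is a small C model of the
two lines above. It is an added example, not code from the Ars Technica
article or from the MSVidCtl control: the IStream is replaced by a
constructed fake_stream whose Read() copies attacker-supplied bytes to the
destination it is handed, and the stack frame is modelled as a byte array
holding the pointer pbArray followed by bytes that stand in for whatever the
real frame keeps above a local (saved registers, return address). The
32-byte PAYLOAD is constructed for the demonstration. With the extra '&' the
destination is the pointer's own storage, so cbSize bytes land on the stack
starting at pbArray; without it the bytes go into the array pbArray points
to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the stack frame around the call: pbArray's storage at offset 0,
 * then bytes standing in for what the real frame holds above a local. */
enum { PTR_OFF = 0, SAVED_OFF = sizeof(unsigned char *), SAVED_LEN = 64,
       FRAME_LEN = SAVED_OFF + SAVED_LEN };
#define UNTOUCHED 0xAA   /* fill byte; any other value means the stack was clobbered */

/* Constructed stand-in for the IStream the control reads persisted data from:
 * Read() copies up to cb bytes of caller-controlled input to dst, no questions asked. */
typedef struct { const unsigned char *data; size_t len; size_t pos; } fake_stream;

static int stream_read(fake_stream *s, void *dst, size_t cb, size_t *got)
{
    size_t avail = s->len - s->pos;
    size_t n = cb < avail ? cb : avail;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    if (got) *got = n;
    return 0;   /* S_OK */
}

typedef struct {
    size_t saved_clobbered;     /* stack bytes past the pointer slot that changed */
    bool   pointer_overwritten; /* pbArray's stored value replaced by input bytes */
    bool   heap_written;        /* input landed in the buffer pbArray points to */
} sim_result;

/* use_address_of == true models   pStream->Read((void*)&pbArray, cbSize, NULL);
 * use_address_of == false models  pStream->Read((void*)pbArray,  cbSize, NULL);
 * cbSize is attacker-controlled in the real control; the model refuses sizes
 * that would leave its arrays so the demonstration stays defined behaviour. */
static sim_result run_read(bool use_address_of, const unsigned char *payload, size_t cbSize)
{
    sim_result r = {0, false, false};
    unsigned char frame[FRAME_LEN];
    unsigned char heap[256];                    /* the array allocated for cbSize bytes */
    if (cbSize > sizeof heap || (use_address_of && cbSize > FRAME_LEN))
        return r;                               /* outside the model's range */

    memset(frame, UNTOUCHED, sizeof frame);
    memset(heap, 0, sizeof heap);
    unsigned char *pbArray = heap;
    memcpy(frame + PTR_OFF, &pbArray, sizeof pbArray);   /* the pointer lives on the stack */

    fake_stream s = { payload, cbSize, 0 };
    void *dst = use_address_of ? (void *)(frame + PTR_OFF)   /* &pbArray: the pointer itself */
                               : (void *)pbArray;            /*  pbArray: the array */
    stream_read(&s, dst, cbSize, NULL);

    for (size_t i = SAVED_OFF; i < FRAME_LEN; i++)
        if (frame[i] != UNTOUCHED) r.saved_clobbered++;
    r.pointer_overwritten = memcmp(frame + PTR_OFF, &pbArray, sizeof pbArray) != 0;
    r.heap_written = memcmp(heap, payload, cbSize) == 0;
    return r;
}

/* Constructed 32-byte payload (no 0xAA bytes, so clobbering is countable). */
static const unsigned char PAYLOAD[32] = {
    0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48, 0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,
    0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58, 0x59,0x5a,0x5b,0x5c,0x5d,0x5e,0x5f,0x60
};

/* Buggy line: bytes beyond sizeof(pbArray) spill over the rest of the frame. */
size_t buggy_clobbered_bytes(void)
{
    return run_read(true, PAYLOAD, sizeof PAYLOAD).saved_clobbered;
}

/* Buggy line: the first sizeof(void*) input bytes become the new pointer value. */
bool buggy_pointer_overwritten(void)
{
    return run_read(true, PAYLOAD, sizeof PAYLOAD).pointer_overwritten;
}

/* Fixed line: stack intact, pointer intact, data in the array. */
bool fixed_is_clean(void)
{
    sim_result r = run_read(false, PAYLOAD, sizeof PAYLOAD);
    return r.saved_clobbered == 0 && !r.pointer_overwritten && r.heap_written;
}

int main(void)
{
    printf("with '&': %zu stack bytes past the pointer clobbered, pointer overwritten: %s\n",
           buggy_clobbered_bytes(), buggy_pointer_overwritten() ? "yes" : "no");
    printf("without '&': stack and pointer intact, data in array: %s\n",
           fixed_is_clean() ? "yes" : "no");
    return 0;
}
```

On a 64-bit build the buggy call reports 24 of the 32 bytes landing past
the pointer slot (32 minus the 8-byte pointer), which is the "stack-based
buffer overrun" the Microsoft quote describes: the overrun is as large as
cbSize, which the stream supplies, minus one pointer. Note that the model
caps cbSize so it stays within its own arrays; the shipped code had no such
cap.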