Date: Wed, 19 Aug 1998 11:16:35 +0200 From: Neil Blakey-Milner <nbm@rucus.ru.ac.za> To: Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG Subject: Re: Why don't winblows program have buffer overruns? Message-ID: <19980819111635.A18535@rucus.ru.ac.za> In-Reply-To: <199808162301.UAA09103@dragon.acadiau.ca>; from Michael Richards on Sun, Aug 16, 1998 at 08:01:11PM -0300 References: <199808162301.UAA09103@dragon.acadiau.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun 1998-08-16 (20:01), Michael Richards wrote: > Why aren't there buffer overruns for winblows that overrun the stack and > execute nasty code? I realise that there is no way to get a shell, but being > able to exec "format" is still a useful thing for a cracker to do on a > windows box. On Bugtraq recently, a Microsoft bulletin (MS98-011): //------ Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string. The following software is affected by this vulnerability: - Microsoft Internet Explorer 4.0, 4.01, 4.01 SP1 on Windows 95 and Windows NT 4.0 - Microsoft Windows 98 Internet Explorer 4 for Windows 3.1, Windows NT 3.51, Macintosh and UNIX (Solaris) are not affected by this problem. Internet Explorer 3.x is not affected by this problem. //------ Neil -- Neil Blakey-Milner nbm@rucus.ru.ac.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980819111635.A18535>