[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <43CFF809.60400@redsand.net>
Date: Thu Jan 19 20:35:31 2006
From: redsand at redsand.net (redsand)
Subject: Security Bug in MSVC
i think the author of this advisory is desperate for advisories or
attention.
either way he needs to open a disassembler and work on something else.
Pavel Kankovsky wrote:
>On Tue, 17 Jan 2006, Morning Wood wrote:
>
>
>
>>extract, and open hello.dsw
>>click "batch build, build" or "rebuild all"
>>code will execute ( calc.exe and notepad.exe used as an example )
>>
>>
>
>What's the point of building a bunch of sources unless
>1. you trust their author, or
>2. you have made sure their is nothing malicious there?
>
>When you build an executable from untrusted sources, you get an untrusted
>executable. Either you run it and you're screwed anyway, or you don't run
>it and you wasted your time building it.
>
>(Indeed, there are some marginal cases like when you want to build an
>executable file intended to run on someone else's computer...)
>
>--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
>"Resistance is futile. Open your source code and prepare for assimilation."
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
Powered by blists - more mailing lists