lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <43D01B00.3070004@heapoverflow.com>
Date: Thu Jan 19 23:05:24 2006
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: Security Bug in MSVC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
not up to you.

redsand wrote:
>
>
> like selling all my M$ Excel exploits
>
> ad@...poverflow.com wrote:
>
> and me I think most FD members are desesperate of such newcomer
> comments, you have nothing to say interesting about his work he's
> doing before you were born.
>
> redsand wrote:
>
>
>>>> i think the author of this advisory is desperate for
>>>> advisories or attention.
>>>>
>>>> either way he needs to open a disassembler and work on
>>>> something else.
>>>>
>>>> Pavel Kankovsky wrote:
>>>>
>>>>
>>>>> On Tue, 17 Jan 2006, Morning Wood wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> extract, and open hello.dsw click "batch build, build" or
>>>>>>  "rebuild all" code will execute ( calc.exe and
>>>>>> notepad.exe used as an example )
>>>>>>
>>>>>>
>>>>> What's the point of building a bunch of sources unless 1.
>>>>> you trust their author, or 2. you have made sure their is
>>>>> nothing malicious there?
>>>>>
>>>>> When you build an executable from untrusted sources, you
>>>>> get an untrusted executable. Either you run it and you're
>>>>> screwed anyway, or you don't run it and you wasted your
>>>>> time building it.
>>>>>
>>>>>
>>>>> (Indeed, there are some marginal cases like when you want
>>>>> to build an executable file intended to run on someone
>>>>> else's computer...)
>>>>>
>>>>> --Pavel Kankovsky aka Peak  [ Boycott
>>>>> Microsoft--http://www.vcnet.com/bms ] "Resistance is
>>>>> futile. Open your source code and prepare for
>>>>> assimilation."
>>>>>
>>>>> _______________________________________________
>>>>> Full-Disclosure - We believe in it. Charter:
>>>>> http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Full-Disclosure - We believe in it. Charter:
>>>> http://lists.grok.org.uk/full-disclosure-charter.html Hosted
>>>> and sponsored by Secunia - http://secunia.com/
>>>>
>>>>
>>>>
>>>>
>
> 7
>>>
>
>>>
>
>
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ9AbAK+LRXunxpxfAQKNyhAAhtQnjmz90rgrBCOwHHuSkMaRtszPbIv3
DkE0u0reWJLkqXmGUEPJ1KZ3IvxYIbwOTT2qfSFwJYRytu9vhhgNTkOPbezq98Gu
SwSsSgBkC1bKzxuRsta9ChUdBg/ajoKJ5tw7xOxtgMhfNWkbx5iDsu8jCN20NuJQ
pdF5Vds49jlpv3Bu1aUcmDDbI9jPGEtxWP8ZiX7OT3WTJTl8LtE6WmUMQ73J4msL
6rb3bfJod827jCxGMoYxhL4PV9kpIYSzwmkjXjcNw4Kou3MTqfUAXVaWd82cyfq2
cRhCBhwcYQXoCMV9H8uk/HoNLhlJMUSCA1WPyTApXe3QDokhUWVMrzkGB1fcgJVF
3yoXaQ1faIdK7wT1r185p/MH0FQsPDhJlHfrF9KbetVX7+6JnWG1sNrLIqVZP2ss
5Pvvevc06UjYmNJ4OhwdfdCoFYRFBX+Ibd60wTmr5zEweBE/z69bUKeQXBrU9sDj
Ep0dtVOIl2aSkE+n+FnEtquaWz+JQWEBDh+IS666BKXutcKWjTYV5rF1jkcC6nNX
TVm5Cyg7FL6oTWtRzR/6Cdi3+NNWRSu/E9pCdSuNatYP+IL1+22y5Ge6TQkPkBVp
8HzCBggh1Tnwy6qnxMbt+yJw4Aq7Eqf02dwlYA0Nup47V0OQ5eutiInG0CINxt0d
3dq8HxbaM80=
=AXCW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ