[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100918181024.2F0C.0@paddy.troja.mff.cuni.cz>
Date: Sat, 18 Sep 2010 18:21:01 +0200 (CEST)
From: Pavel Kankovsky <peak@...o.troja.mff.cuni.cz>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Nmap NOT VULNERABLE to Windows DLL Hijacking
Vulnerability
On Wed, 8 Sep 2010, jf wrote:
> I still don't see how this is really MSFTs fault. I mean, there's
> defined APIs for getting the version, theres a fairly clear warning on
> MSDN for LoadLibrary & SearchPath; isn't this akin to blaming the OS
> vendor for the app vendor improperly using strcpy?
Providing a very dangerous API to developers and advising them to avoid
the most straightforward way of using it is like giving a hand grenade to
kids and advising them to be very careful when they play with it.
--
Pavel Kankovsky aka Peak / Jeremiah 9:21 \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists