[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
From: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 18 Sep 2010 18:21:01 +0200 (CEST)

On Wed, 8 Sep 2010, jf wrote:

> I still don't see how this is really MSFTs fault. I mean, there's
> defined APIs for getting the version, theres a fairly clear warning on
> MSDN for LoadLibrary & SearchPath; isn't this akin to blaming the OS
> vendor for the app vendor improperly using strcpy?

Providing a very dangerous API to developers and advising them to avoid
the most straightforward way of using it is like giving a hand grenade to
kids and advising them to be very careful when they play with it.

-- 
Pavel Kankovsky aka Peak                          / Jeremiah 9:21        \
"For death is come up into our MS Windows(tm)..." \ 21st century edition /

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
  - From: Thor (Hammer of God)

References:
- Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
  - From: jf

Prev by Date: [Full-disclosure] [USN-988-1] Linux kernel vulnerabilities
Next by Date: [Full-disclosure] ManageEngine OpUtils 'Login.do' SQL Injection Vulnerability
Previous by thread: Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
Next by thread: Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
Index(es):
- Date
- Thread