3 New Windows Security Problems Found 190
DotNM writes "USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product. It describes the issues and urges users not to download .hlp files from email attachments. Apparently there are issues, even for a Windows XP system patched with Service Pack Two."
ANI... (Score:5, Informative)
That's what ANI is in the context of telephone networks. In the context of a Windows system, it's an animated mouse cursor.
Besides, these vulnerabilities were announced yesterday morning on Slashdot!
dupe (Score:1, Informative)
NX != security (Score:2, Informative)
Re:ANI... (Score:4, Informative)
Re:ANI... (Score:1, Informative)
Re:NX != security (Score:2, Informative)
Secondly, dlls are not loaded into "The Heap". In fact, the entire dll is not even executable. The PE header of a dll or exe specifies which segments are executable and which are not.
www.prcview.com has a program which will show you the layout permissions for a process's memory.
You are certainly correct that no one thing will solve all security problems. But everything else in your post is plain wrong.
Open Source Christmas present (Score:3, Informative)
Linux audio community gave me Yamaha DX-7 [vintagesynth.org] synthesizer! This is my dream come true, I can now play some great tunes that made this synthesizer one of the most well known synthesizers. This synthesizer was used on U2's Unforgettable Fire and The Joshua Tree albums. This synthesizer was used by these artists: the Crystal Method, Kraftwerk, Underworld, Orbital, BT, Talking Heads, Brian Eno, Tony Banks, Mike Lindup of Level 42, Jan Hammer, Roger Hodgson, Teddy Riley, Brian Eno, T Lavitz of the Dregs, Sir George Martin, Supertramp, Phil Collins, Stevie Wonder, Daryl Hall, Steve Winwood, Scritti Politti, Babyface, Peter-John Vettese, Depeche Mode, D:Ream, Front 242, U2, A-Ha, Enya, The Cure, Astral Projection, Fluke, Kitaro, Vangelis, Elton John, James Horner, Toto, Donald Fagen, Michael McDonald, Chick Corea, Level 42, Queen, Yes, Michael Boddicker, Julian Lennon, Jean-Michel Jarre, Sneaker Pimps, Greg Phillanganes, Stabbing Westward and Herbie Hancock to name a few.
Can you imagine that? And all this for FREE! Thanks to you guys who made that software synthesizer for Linux!
Wanna have it? Here's [sourceforge.net] where to start.
You see, sometimes the best Christmas presents can be free! Happy Christmas and thank you very much, Open Source world!
Re:Linux Flaws (Score:4, Informative)
Re:NX != security (Score:2, Informative)
Secondly, SP2 contains a BUNCH of useful technologies which are actually specifically designed to make heap overflow exploitation more difficult. These include PEB randomisation (make PEB overwrites harder), safe unlinking (no more unlinking pointer copies -> arbirary overwrite -> root) and chunk header cookies (like stack cookies).
Oh, yeah, and DLLs aren't loaded into the heap. They're loaded at their preferred address and reloated by the loader if required.
Apart from that, good post. Well done.
The SP2 HLP file flaw cannot be remotely exploited (Score:3, Informative)
http://www.xfocus.net/flashsky/icoExp/ [xfocus.net] (Do it at your own risk)
That's so much user interaction that its a low risk issue. If you can convince the user to do that then you might as well send him an exe file and tell him to save and execute that. How about sending a gun with instructions - "point at foot and press trigger"
Re:NX != security (Score:3, Informative)
In Linux it is easier to use NX to protect the heap than to use NX to protect the stack. That is because on the heap, every allocation is explicitly marked executable or not executable. On the stack OTOH you don't have any way to know, if a particular page needs to be executable or not. Not all applications needs an executable stack, but gcc used to use the stack for trampolines, when you had a pointer to a nested function. Unless you can document, why it should be the other way arround in Windows, I don't believe it.
which can be just as bad.
It usually takes more work to exploit an overflow in the heap than in the stack, but as soon as working exploit code have been written, they are equally bad.
Also, if the return address is simply changed to an address on the heap, code in the heap can be executed.
Only if the heap is executable. You might find a usable function in the executable or a library, but you still need to pass arguments to really exploit it.
The heap has the executable bit, because of dynamic libraries loaded into the heap.
This is just plain wrong. The NX bit is about per page protection. Protecting an entire segment was always possible, it is just not usable in most cases.
Re:here's a comment/question to blow ya all away (Score:3, Informative)
As for Windows inside the sandbox, that's as unsecure as Windows on a real PC.