Vista Exploit Surfaces on Russian Hacker Site 103
Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."
Re:curious (Score:5, Informative)
Re:Double free vulnerability (Score:4, Informative)
Re:Fscking Visual Basic (Score:5, Informative)
All I can say is... OUCH.
MessageBox() is a fairly commonly used API (it's used to display a message box, with optional icon (none, alert, caution, etc.), and buttons (yes/no, yes/no/cancel, ok/cancel, ok, etc). It's the most trivial way to do a quick debug, or pop up an error message. It's probably one of the most commonly used functions, as well.
Wonder what Microsoft did to break MessageBox(). Considering how often it's used...
Re:I don't have to... (Score:3, Informative)