Vista Exploit Surfaces on Russian Hacker Site

Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."
  • by The Living Fractal ( 162153 ) <banantarr@hot m a i l.com> on Friday December 22, 2006 @04:02PM (#17341644) Homepage
    Obviously Microsoft is missing these holes in Vista in house.

    Maybe the biggest customer for these zero-day exploits should be.. Microsoft?

    $50,000 isn't that much compared to the other option IMHO.

    Just a thought.

    TLF
  • by Utopia ( 149375 ) on Friday December 22, 2006 @04:13PM (#17341804)
    How does one go about exploiting a double free vulnerability?
    The article just mentions that Windows has a double free vulnerability but does not post an exploit (and neither does the Russian site which originally reported this issue).

    .
  • by lachesis-jp ( 886896 ) on Friday December 22, 2006 @04:14PM (#17341808)
    That's possibly what the guys selling the exploits are hoping for: that Microsoft buys it from them and as you say $50,000 isn't much for Microsoft. Actually, maybe Microsoft should actually start a program to reward people that submit vulnerabilities in relation to security risk caused by it. This might actually help make Vista secure quickly if they pay well. And if they have any confidence in the fact that Vista is a relatively secure OS, they shouldn't have to worry that it is going to cost them too much as each bug that disappears is a bug that won't be discovered anymore.
  • Agreed. It would be generally very poor form for a company to do such a thing.

    And obviously the people who sell these exploits want to get more than one sale out of each one. Selling them to Microsoft means, hopefully, the end of the exploit and no more sales. So if MS really did buy these exploits, they'd have to do it without letting the hackers find out it was them buying the exploits. Because the hackers would probably never want to sell them to MS.

    I'm sure this fits into some science fiction plot somewhere. And the truth as it is said is often stranger than fiction.

    TLF
  • by raddan ( 519638 ) on Friday December 22, 2006 @04:49PM (#17342280)
    Which is ironic, because they actually have a page [microsoft.com] on handling strings safely. So are they lazy, stupid, or both? Lemme guess-- they couldn't use their own API because someone wrote the MessageBox API in assembly...?
  • More details on this (Score:4, Interesting)

    by wumpus188 ( 657540 ) on Friday December 22, 2006 @05:11PM (#17342548)
    ... from another Russian forum [bugtraq.ru] (roughly translated from Russian...)

    Function GetHardErrorText
    Comment:
    * This function figures out the message box title, text and flags.
    * We want to do this up front so we can log this error when the hard error is
    * raised. Previously we used to log it after the user had dismissed the message
    * box -- but that was not when the error occurred (DCR Bug 107590)

    This function finds and extracts strings like "{EXCEPTION}" from MessageBox's text and if found, writes them in the system log.

        } else if ((asLocal.Length > 4) && !_strnicmp(asLocal.Buffer, "\\??\\", 4)) {
            strcpy( asLocal.Buffer, asLocal.Buffer+4 );
            Local.Length -= 4;

    Say, nice use of strcpy...
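
Added example, not part of the comment above or of the source it quotes: the quoted lines shift a string left over itself with strcpy, which the C standard leaves undefined when source and destination overlap. This sketch does the same in-place prefix strip with memmove driven by the length field; the `counted_str` type and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string, modelled on the Length/Buffer fields in the
   quoted snippet; not the Windows definition. */
typedef struct {
    size_t length;    /* bytes in use, terminator not counted */
    size_t capacity;  /* bytes allocated at buffer */
    char  *buffer;
} counted_str;

#define NT_PREFIX     "\\??\\"
#define NT_PREFIX_LEN 4

/* Remove a leading "\??\" in place. Returns 1 if stripped, 0 if the string
   was left untouched, -1 if the descriptor is inconsistent. */
int strip_nt_prefix(counted_str *s)
{
    if (s == NULL || s->buffer == NULL || s->length > s->capacity)
        return -1;
    if (s->length <= NT_PREFIX_LEN ||
        memcmp(s->buffer, NT_PREFIX, NT_PREFIX_LEN) != 0)
        return 0;
    size_t remaining = s->length - NT_PREFIX_LEN;
    /* Overlapping regions: memmove() is specified for this, strcpy() is not.
       The count comes from the length field, so a buffer without a
       terminator cannot cause an over-read. */
    memmove(s->buffer, s->buffer + NT_PREFIX_LEN, remaining);
    s->length = remaining;
    if (s->length < s->capacity)
        s->buffer[s->length] = '\0';   /* re-terminate when there is room */
    return 1;
}

/* Demo helper on constructed input: copies text into a static buffer,
   strips the prefix and returns the result (NULL if text does not fit). */
const char *strip_demo(const char *text)
{
    static char buf[128];
    counted_str s = { strlen(text), sizeof buf, buf };
    if (s.length >= sizeof buf) return NULL;
    memcpy(buf, text, s.length + 1);
    strip_nt_prefix(&s);
    return buf;
}

int main(void)
{
    puts(strip_demo("\\??\\C:\\Windows\\notepad.exe")); /* constructed path */
    return 0;
}
```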
  • Re:Why now? (Score:5, Interesting)

    by hackstraw ( 262471 ) * on Friday December 22, 2006 @05:53PM (#17342968)
    A smart black hat would lay low until SP1 is released, and wait for the real corporate deployment to begin.

    A smart black hat has like a job and a life.

    The only thing I can say that these script kiddies and whatnot are good for is that they are easily detectable and they alert security people of vulnerabilities so that it makes it difficult for people that are really interested in doing real damage or obtaining data that they shouldn't have.

    It's really ironic how valuable these kids are. Without them, real compromises would be more common and much more painful.
