[Full-disclosure] Re: [ GLSA 200601-09 ] Wine:Windows MetafileSETABORTPROC vulnerability
bkfsec
bkfsec at sdf.lonestar.org
Fri Jan 13 23:22:23 GMT 2006
Peter Ferrie wrote:
>bkfsec:
>
>
>
>>The way I read what he's saying there, he's saying that you enter
>>malformed input and that malformed input pushes the executable code into
>>position to be executed...
>>
>>
>
>There is no need for malformed input, though.
>The description isn't great, since upon return from the function, Windows
>will resume parsing the records in the usual way.
>
>8^) p.
>
>
>
>
I agree - I was focusing on how Gibson described it and his
justification of it being a planted vulnerability. *shrug*
-bkfsec
Full-Disclosure is hosted and sponsored by Secunia.