[Full-disclosure] Re: Security Bug in MSVC
Dave Korn
davek_throwaway at hotmail.com
Wed Jan 18 19:58:55 GMT 2006
Jason Coombs wrote in news:43CD7A48.1020800 at science.org
> Morning Wood wrote:
>> ------------------------------------------------------------
>> - EXPL-A-2006-002 exploitlabs.com Advisory 048 -
>> ------------------------------------------------------------
>>
>> - MSVC 6.0 run file bug -
>
> Nice thinking, Donnie. This must be the "new class of vulnerability"
> that was hinted at by Microserfs a few months ago... The attacks are
> launched by way of source code distributions rather than binary code.
Why is this a terrible insecure microsoftism, when GNU make does exactly
the same?
And let's never forget those evil 'configure' scripts. Hell, at least
they actually *have* been an attack vector on several occasions.
cheers,
DaveK
--
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.