Re: [SLUG] From PC Magazine...

From: Eric Jahn (eric@ejahn.net)
Date: Mon Jul 28 2003 - 13:59:03 EDT


eWEEK just released an article about how a Chinese organization released
some code to exploit this vulnerability. Exactly what about a buffer
overflow renders a machine so open to hacking? Are buffer overflows not
a problem in Java because you don't manipulate pointers as in C++ or C?

On Mon, 2003-07-28 at 13:22, David R. Meyer wrote:
> Widespread Windows Hole Discovered
> From ExtremeTech:
> Microsoft Corp. revealed a gaping hole inside most Windows PCs last
> week. The flaw lies in DirectX, the set of graphics and multimedia
> routines that games and media applications use. Specifically, the
> vulnerability lives in the part of the DirectShow DirectX component that
> works with MIDI music files. A rogue MIDI file can trigger a buffer
> overflow, then take advantage of that to run malicious code on the
> victim's machine. Hackers can transmit corrupt MIDIs through Web pages,
> e-mails, or file-sharing. Microsoft rates this threat as critical, and
> the vulnerability affects most Windows users. Before you do anything
> else, go to the ExtremeTech article to get the information you need
> about this serious threat and how to head it off.
>



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:59:36 EDT