Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-disclosure] Security Bug in MSVC
From: redsand (redsandredsand.net)
Date: Thu Jan 19 2006 - 14:35:21 CST
i think the author of this advisory is desperate for advisories or
either way he needs to open a disassembler and work on something else.
Pavel Kankovsky wrote:
>On Tue, 17 Jan 2006, Morning Wood wrote:
>>extract, and open hello.dsw
>>click "batch build, build" or "rebuild all"
>>code will execute ( calc.exe and notepad.exe used as an example )
>What's the point of building a bunch of sources unless
>1. you trust their author, or
>2. you have made sure their is nothing malicious there?
>When you build an executable from untrusted sources, you get an untrusted
>executable. Either you run it and you're screwed anyway, or you don't run
>it and you wasted your time building it.
>(Indeed, there are some marginal cases like when you want to build an
>executable file intended to run on someone else's computer...)
>--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
>"Resistance is futile. Open your source code and prepare for assimilation."
>Full-Disclosure - We believe in it.
>Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/