NTCrash2
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: NTCrash2
- From: Paul Ashton <paul@ARGO.DEMON.CO.UK>
- Date: Wed, 25 Mar 1998 16:11:17 +0000
- Reply-To: Paul Ashton <paul@ARGO.DEMON.CO.UK>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>

From: http://www.ntinternals.com/ntdll.htm by Mark Russinovich.

> A little over a year ago I wrote a program called NTCrash that barraged
> the Native API interface with garbage parameters. The program discovered
> 13 WIN32K system services that failed to perform comprehensive parameter
> validation, the result of which were Blue Screens. Microsoft closed these
> holes in Service Pack 1.
>
> About two months ago I revisited NTCrash and tweaked it to be more intelligent
> about generating garbage - the garbage this new version, NTCrash2, produces
> hits boundary conditions that can be easy to miss in validation. In fact,
> this revision found 40 more APIs with Blue Screen holes. Microsoft has been
> made aware of the holes and they will be closed in Service Pack 4.

40?! I wonder how many of these could be turned into exploits?

Paul

--
"Software is like sex; it's better when it's free - LT"