Scanning Formats (TIFF vs. JPEG)
Chuck Guzis
cclist at sydex.com
Fri Aug 18 12:58:45 CDT 2006
On 8/18/2006 at 5:59 PM Jules Richardson wrote:
>As an aside: I've never quite understood these OS image vunerabilities.
>Doesn't any modern OS provide sufficient protection such that a process
>can't just stomp all over memory at random? Unless the problem is just a
Windows
>thing...
Sloppy programming (really, there's no excuse for not including
bounds-checking when decoding)is a big part of the picture. In Windows'
case, a lot of the vulnerabilities seem to be a combination of sloppy
coding and including "features" that have vulnerabilities inherent. (e.g.
OLE in browser applets, executables in email attachments...) Of course, if
a set of object libraries with inherent vulnerabilities in them is used,
bugs get re-used too.
Cheers,
Chuck
(Looking at something like 13 "security" patches to Win2K this month)
More information about the cctalk
mailing list