Slashdot Mirror

← Back to Stories (view on slashdot.org)

Four New Unpatched Windows Vulnerabilities

Posted by CowboyNeal on Friday December 24, 2004 @01:03AM from the most-wonderful-time-of-the-year dept.

peeon writes "Right before Christmas, four new Windows NT/2k/XP vulnerabilities were posted to the Bugtraq list. This story discusses two of the vulnerabilities in the LoadImage function (buffer overflow) and Windows Help program (heap overflow), but the Chinese company discovered two more exploits in the parsing of a specially crafted ANI file (causes DoS). A Bugtraq posting has more details."

3 of 273 comments (clear)

Re:Forced Upgrade. by aurispector · 2004-12-24 01:19 · Score: 1, Troll

MS OS's peaked out at DOS 6.22

--
I have mod points. The reign of terror begins now.
Is it really this hard... by AC-x · 2004-12-24 01:54 · Score: 0, Troll

...to write software without buffer overflow problems?

It's not just MS, even plenty of OSS programs have buffer overflow exploits.

I haven't done any lowlevel programming, but can it really be that difficult to do

malloc buffer MAX_BUFFER_SIZE
if(mem_to_copy.length>MAX_BUFFER_ SIZE){
return ERROR_DATA_TOO_LONG
}else{
copy(mem_to_copy,buffer)
}

?
"Four New Unpatched Windows Vulnerabilities" by RzUpAnmsCwrds · 2004-12-24 10:12 · Score: 1, Troll

"Four New Unpatched Windows Vulnerabilities"

What a load of bull. This article is blatant Microsoft bashing.

Repeat after me: XP SP2 is not affected

Since when has "fixed in SP2" been the same as "unpatched"?