Slashdot Mirror


Vista Exploit Surfaces on Russian Hacker Site

Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."

4 of 103 comments

  1. Re:curious by minus_273 · Score: 4, Informative

    Probably a lot more if you can use it to get a lot of zombies and bots for DDOS attacks and SPAM. I'm thinking the SPAM alone should cover the cost if you can get an installed base quickly.

    --
    The war with islam is a war on the beast
    The war on terror is a war for peace
  2. Re:Double free vulnerability by cnettel · Score: 3, Informative

    It really depends on the heap (the specific data structures keeping track of the blocks) in use, but it can result in other blocks also being freed incorrectly. If you are able to replace the first block at the address with another, during the relevant timespan, you can get THAT one freed, which then can cause some other part of the kernel, relying on that new data, to crash. As the buffers involved here are all allocated in-kernel, I would think you need to do some tricky timing-dependent work to get a real exploit going. If you don't have debugging privileges, you won't know the address used yourself, and you'll need to trick some other API to choose to allocate that very same memory, unless, of course, the data structures are severely damaged by just the double-free event, without any new allocation between the two.
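
The two cases the comment above distinguishes, shown on a toy fixed-size allocator as an added example (not part of the original comment and not the Vista code): a double free with no allocation in between, which a per-block state check can reject, and a free through a stale pointer after the block has been reused, which it cannot. The pool, its LIFO free list and every function name here are constructed for illustration.

```c
#include <stdio.h>
#define NBLOCKS 4
typedef struct block { struct block *next; char data[24]; } block_t;
static block_t pool[NBLOCKS], *free_list;  /* toy heap with a LIFO free list (constructed) */
static unsigned char in_use[NBLOCKS];      /* per-block state, consulted only by free_checked */
static void pool_init(void) {
    free_list = NULL;
    for (int i = NBLOCKS - 1; i >= 0; i--) {
        pool[i].next = free_list; free_list = &pool[i]; in_use[i] = 0;
    }
}
static void *pool_alloc(void) {
    block_t *b = free_list;
    if (b) { free_list = b->next; in_use[b - pool] = 1; }
    return b;
}
static void free_unchecked(void *p) {   /* no validation at all */
    block_t *b = p;
    b->next = free_list; free_list = b; in_use[b - pool] = 0;
}
static int free_checked(void *p) {      /* -1: block already free, not relinked */
    if (!in_use[(block_t *)p - pool]) return -1;
    free_unchecked(p);
    return 0;
}
/* Two frees, no allocation between: the block links to itself and is handed out twice. */
int double_free_aliases(void) {
    pool_init();
    void *a = pool_alloc();
    free_unchecked(a); free_unchecked(a);
    void *x = pool_alloc(), *y = pool_alloc();
    return x == y;
}
/* Same sequence through the checked free: the second free is refused. */
int double_free_rejected(void) {
    pool_init();
    void *a = pool_alloc();
    return free_checked(a) == 0 && free_checked(a) == -1;
}
/* Block reallocated between the frees: the stale free looks valid and is accepted. */
int stale_free_accepted(void) {
    pool_init();
    void *a = pool_alloc(); free_checked(a);
    void *b = pool_alloc();                  /* reuses a's address */
    return b == a && free_checked(a) == 0 && pool_alloc() == b;
}
int main(void) {
    printf("%d %d %d\n", double_free_aliases(), double_free_rejected(), stale_free_accepted());
    return 0;
}
```

Because the state check cannot tell a stale free from a valid one once the block has been reused, the fix belongs in the caller: release each buffer on exactly one path and clear the pointer afterwards.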

  3. Re:Fscking Visual Basic by tlhIngan · Score: 4, Informative

    I just read TFA. Let me get this straight. The exploit is in MessageBox()?
    Awesome.

    All I can say is... OUCH.

    MessageBox() is a fairly commonly used API (it's used to display a message box, with optional icon (none, alert, caution, etc.), and buttons (yes/no, yes/no/cancel, ok/cancel, ok, etc.)). It's the most trivial way to do a quick debug, or pop up an error message. It's probably one of the most commonly used functions, as well.

    Wonder what Microsoft did to break MessageBox(). Considering how often it's used...
  4. Re:I don't have to... by Esine · Score: 3, Informative

    For those who didn't understand: http://attrition.org/postal/z/033/0871.html