Vista Exploit Surfaces on Russian Hacker Site
Datamation writes "Exploit code for Windows Vista (though at this point only proof-of-concept code) has been published to a Russian hacker site, Eweek reports. Certain strings sent through the 'MessageBox' API apparently cause memory corruption. Though this is obviously cause for concern, at the moment it would seem access to the system would already be required to make use of the exploit. Determina has an analysis of the bug. Just last week, Trend Micro reported that Vista zero-days are being sold at underground hacker sites for $50,000."
Geez, they don't even need to publish exploit details. I can figure it out from the technical details. Yet again, the need for the CLR to support this moronic language creates a very obvious security flaw. Once again, data being marshalled across process boundaries assumes the VB programmer knows what he's talking about, and doesn't safely pass the message string, instead allowing the marshaller to interpret it as code. Great. I'm sure we'll see a whole bunch of related exploits that target the .NETCOM marshaller.
Doesn't anybody know that the first rule of system programming is "Never trust your input"? Why on earth is something running with SYSTEM privileges not validating input it could have received from a Visual Basic programmer?
mandelbr0t
"Please describe the scientific nature of the 'whammy'" - Agent Scully