Slashdot Mirror


XP/Vista IGMP Buffer Overflow — Explained

HalvarFlake writes "With all the hoopla about the remotely exploitable, kernel-level buffer overflow discussed in today's security bulletin MS08-0001, what is the actual bug that triggers this? The bulletin doesn't give all that much information. This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that causes the overflow: A mistake in the calculation of the required size in a dynamic allocation."
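The class of bug the summary describes, a required-size calculation that comes out smaller than the data later copied into the allocation, is easy to show in a few lines. The following is an added illustration, not code from the story, the bulletin, or the tcpip.sys analysis; the message layout (a 16-bit entry count followed by fixed-size entries), the constants ENTRY_SIZE and MAX_ENTRIES, and the function names are all assumptions made for the example. It puts the wrapping calculation beside a checked version in which the allocation size, the copy length, and the received length are derived from one bounded computation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed message layout (an assumption; not the real IGMP or
 * tcpip.sys format):
 *   bytes 0..1  : entry count, big-endian
 *   bytes 2..   : count * ENTRY_SIZE bytes of fixed-size entries */
#define ENTRY_SIZE  16u
#define MAX_ENTRIES 1024u   /* assumed sane upper bound per message */

/* Buggy size calculation. The product is truncated to the 16-bit type of
 * the wire field, so any count >= 4096 wraps to a small number while a
 * copy loop driven by count would still move count * ENTRY_SIZE bytes. */
uint16_t needed_size_buggy(uint16_t count) {
    return (uint16_t)(count * ENTRY_SIZE);
}

/* 1 if the buggy calculation hands out a buffer smaller than the data
 * that would be copied into it, i.e. the heap-overflow condition. */
int undersized_allocation(uint16_t count) {
    return (size_t)needed_size_buggy(count) < (size_t)count * ENTRY_SIZE;
}

/* Fixed size calculation: widen to size_t, bound the count, and guard the
 * multiplication against wraparound. Returns 0 and sets *out on success,
 * -1 on any failure. */
int needed_size_fixed(uint32_t count, size_t *out) {
    if (count == 0 || count > MAX_ENTRIES)
        return -1;
    if ((size_t)count > SIZE_MAX / ENTRY_SIZE)   /* product cannot wrap */
        return -1;
    *out = (size_t)count * ENTRY_SIZE;
    return 0;
}

/* Hardened parser: allocation size and copy length come from the same
 * checked computation, and the copy never exceeds what was received.
 * On success returns 0 and gives the caller a malloc'd copy of the entries. */
int parse_entries_fixed(const uint8_t *buf, size_t len,
                        uint8_t **entries, size_t *entries_len) {
    size_t need;
    uint32_t count;

    if (buf == NULL || len < 2)
        return -1;
    count = ((uint32_t)buf[0] << 8) | buf[1];
    if (needed_size_fixed(count, &need) != 0)
        return -1;
    if (need > len - 2)            /* declared count exceeds received bytes */
        return -1;
    *entries = malloc(need);
    if (*entries == NULL)
        return -1;
    memcpy(*entries, buf + 2, need);
    *entries_len = need;
    return 0;
}

int main(void) {
    uint8_t msg[2 + 2 * ENTRY_SIZE];
    uint8_t *entries;
    size_t n;

    printf("buggy size for count=4096: %u (real need %u)\n",
           (unsigned)needed_size_buggy(4096), 4096u * ENTRY_SIZE);

    /* constructed message: two entries, payload filled with 0xAB */
    msg[0] = 0; msg[1] = 2;
    memset(msg + 2, 0xAB, sizeof msg - 2);
    if (parse_entries_fixed(msg, sizeof msg, &entries, &n) == 0) {
        printf("parsed %zu entry bytes\n", n);
        free(entries);
    }
    /* same header, truncated payload: rejected instead of over-read */
    printf("truncated: %d\n", parse_entries_fixed(msg, 10, &entries, &n));
    return 0;
}
```

The point of the fixed version is not the particular bound but that every quantity the copy depends on (count, bytes needed, bytes available) is checked before memory is requested, which is exactly what a binary diff of a patched allocator-size calculation tends to reveal as the added instructions.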

7 of 208 comments

  1. well gee by sentientbrendan · · Score: 5, Funny

    >This comparison yields the actual code that causes the overflow:
    >A mistake in the calculation of the required size in a dynamic allocation

    I hope no one else makes this mistake.

    1. Re:well gee by nizo · · Score: 4, Funny

      It worked so well for Office 2003, perhaps Microsoft could create a patch that would keep the OS from opening insecure packets from other vendors and their older products?

  2. Sounds like HowStuffWorks material! by Ai+Olor-Wile · · Score: 4, Funny

    Hooray! Windows vulnerabilities are so commonplace now that there are public educational documentaries about their life-cycles and internals, so that the people can stay informed. Brilliant!

  3. It's just a mistake! by EmbeddedJanitor · · Score: 4, Funny

    OMG! I thought it might be a bug, but thankfully it's just a mistake!

    --
    Engineering is the art of compromise.

  4. Dang it all. by palegray.net · · Score: 5, Funny

    Darn pesky kids and their fancy buffer overflows. I outta HEAP on the insults, but I'll try to stick to my PROGRAM of keeping my smoke STACK cool.

    1. Re:Dang it all. by Anonymous Coward · · Score: 5, Funny

      You're PUSHing it. One more pun and I'll POP you in the mouth.

  5. Mmmm, mmmm, good! by Gription · · Score: 4, Funny

    Don't feed the trolls. ???
    But that is the primary reason for /. to begin with!?