Firm finds new danger in dangling pointers

Firm finds new danger in dangling pointers
Robert Lemos, SecurityFocus 2007-07-25

In December 2005, technology consultant Inge Henriksen announced he had found a flaw in Microsoft's flagship Web server platform, Internet Information Server (IIS) 5.1. Yet, because the vulnerability appeared impossible to exploit, Microsoft put off patching the issue.

Colapse all | Post comment

Firm finds new danger in dangling pointers 2007-07-26
Anonymous

This magical (not new) technique of exploiting dangling pointers has been around for many years. Find a memory leak or utilize designed pseudo memory leak functionality of the application and then trigger the bug. Many exploits have taken advantage of this technique to aid exploitation of more "trad...

[ more ] [ reply ]

Firm finds new danger in dangling pointers 2007-07-27
Anonymous

This is intriguing. Moving to garbage-collected languages is not feasible or even desirable for everyone, and software will continue to be written in C++, C, etc., for years to come. Some straightforward things being done in educational settings to try to understand the reasons we continue to enco...

[ more ] [ reply ]

Firm finds new danger in dangling pointers 2007-07-30
Anonymous

A Vista dangling pointer - Windows Vista CSRSS Dangling Process Pointer Privilege Escalation, http://research.eeye.com/html/advisories/published/AD20070410b.html...

[ more ] [ reply ]