Firm finds new danger in dangling pointers

Firm finds new danger in dangling pointers
Robert Lemos, SecurityFocus 2007-07-25

In December 2005, technology consultant Inge Henriksen announced he had found a flaw in Microsoft's flagship Web server platform, Internet Information Server (IIS) 5.1. Yet, because the vulnerability appeared impossible to exploit, Microsoft put off patching the issue.

Expand all | Post comment

Firm finds new danger in dangling pointers 2007-07-26
Anonymous

This magical (not new) technique of exploiting dangling pointers has been around for many years. Find a memory leak or utilize designed pseudo memory leak functionality of the application and then trigger the bug. Many exploits have taken advantage of this technique to aid exploitation of more "traditional" vulnerabilities too, where semi-arbitrary memory states are obviously helpful for reliability. Not sure why this is news...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11477/34763#34763

Firm finds new danger in dangling pointers 2007-07-27
Anonymous

Firm finds new danger in dangling pointers 2007-07-30
Anonymous