Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] webmail password protection?



Ian Wells wrote:

> Indeed.  Wasn't there a security flaw which meant that (a) you could send an
> event to get pretty much anything to execute untrusted code and (b) you
> tried to send it to e.g. the virus scanner's UI, which was running priv'ed
> at the time?  The fix may have involved checking events properly in the
> Windows application (possibly the library).
> 
> This is all from memory, so probably distorted.

No, it is quite correct I think.  Although IIRC it had to be a
textbox where you send the message.  AFAICS this is similar to the WMF
bug in that it stems back design decisions in the first versions of
Windows runnning on pre-386 era processors.

-- 
Tobias						PGP: http://9ac7e0bc.uguu.de


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links