Many readers are probably aware of the recent vulnerability in the MSVidCtl ActiveX component, which could allow an attacker to execute arbitrary code through a buffer overflow. The SDL blog recently published a description of the programmer's error that led to this security vulnerability.
The error is a single character. Instead of the correct code:
hr = pStream->Read((void *)pbArray, (ULONG)cbSize, NULL);
the programmer wrote:
hr = pStream->Read((void *)&pbArray, (ULONG)cbSize, NULL);
The extra & character (the address-of operator) allowed an attacker to perform a remote buffer overflow, with the known consequences.
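The difference between the two calls, as an added example in C (not code from the original post or from MSVidCtl): `Stream`, `stream_read`, `read_correct`, `read_buggy` and `demo` are constructed stand-ins, and `stream_read` takes an extra capacity argument so that the out-of-bounds write is reported instead of performed.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the COM stream used on the page. */
typedef struct { const unsigned char *data; size_t len, pos; } Stream;

/* Copies up to cb bytes into dst. dst_cap is the true size of the object
   dst points at; a real Read() has no such argument and simply writes. */
static int stream_read(Stream *s, void *dst, size_t dst_cap, size_t cb)
{
    if (cb > s->len - s->pos) cb = s->len - s->pos;
    if (cb > dst_cap) return -1;           /* write would run past dst */
    memcpy(dst, s->data + s->pos, cb);
    s->pos += cb;
    return (int)cb;
}

/* Correct call: the destination is the buffer, cbSize bytes long. */
int read_correct(Stream *s, unsigned char *pbArray, size_t cbSize)
{
    return stream_read(s, (void *)pbArray, cbSize, cbSize);
}

/* Buggy call: the destination is the pointer variable itself, which is
   only sizeof(pbArray) bytes long. The (void *) cast hides the mismatch;
   with a typed parameter (unsigned char *dst) the compiler would flag
   &pbArray as an incompatible pointer type. */
int read_buggy(Stream *s, unsigned char *pbArray, size_t cbSize)
{
    return stream_read(s, (void *)&pbArray, sizeof pbArray, cbSize);
}

/* Constructed input: 64 bytes of stream data and a 64-byte buffer.
   Returns bytes read, or -1 when the write would overflow. */
int demo(int buggy, size_t cbSize)
{
    static const unsigned char payload[64] = {1, 2, 3, 4};
    unsigned char buf[64] = {0};
    Stream s = { payload, sizeof payload, 0 };
    return buggy ? read_buggy(&s, buf, cbSize) : read_correct(&s, buf, cbSize);
}
```

A read no larger than the pointer itself still "succeeds" in the buggy form, but it fills the pointer variable rather than the buffer, so the defect can go unnoticed with small inputs.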
You can read more about this error, why it was missed, and what will be done to prevent such errors in the future in the blog; it also describes another error, related to ATL.