To: supercat
i don't deny that there are potential security issues in the loop. What I deny is that this was something MS has been hiding from people and only astute investigation by watchdoggers have exposed it. Anybody that ever learned Windows programming from the books MS publishes knows about the loop, it's been well documented since the 16-bit days. What I find shocking is that apparently so many people never heard of it before.
40 posted on
08/09/2002 7:59:57 AM PDT by
discostu
To: discostu
Anybody that ever learned Windows programming from the books MS publishes knows about the loop, it's been well documented since the 16-bit days. What I find shocking is that apparently so many people never heard of it before. First of all, it's well known that programs like Recorder can send fake keystrokes and other events to applications. Indeed, this ability allows for some useful functionality. The critical details noted in this particular exploit are that the system default handlers allow one application to use events to send any desired amount of data to any desired location within the other process's address space, and then to run the code (again within that other process's address space).
41 posted on
08/09/2002 7:25:14 PM PDT by
supercat
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson