Replies

Anybody that ever learned Windows programming from the books MS publishes knows about the loop, it's been well documented since the 16-bit days. What I find shocking is that apparently so many people never heard of it before.

First of all, it's well known that programs like Recorder can send fake keystrokes and other events to applications. Indeed, this ability allows for some useful functionality. The critical details noted in this particular exploit are that the system default handlers allow one application to use events to send any desired amount of data to any desired location within the other process's address space, and then to run the code (again within that other process's address space).

Yeah, that's how the messaging loop works. Not sure I'd go so far as to say you can send any ammount of data in the other apps memory space, you can send a pointer and that will be in the other program memory space. With OLE (oops, ActiveX, whatever they're calling it today) you get a lot more data sending ability. I learned all this in early 95 when I took a Windows Programming class that used Petzold's then current book (Programming for Windows 3.1 3rd Ed, copyright 1992, published by Microsoft Press). This was all known, including the dangers (we of course looked at them as bad things you can do on accident, any hacker would see it a little differently). You send the message with the appropriate arguements and the other program handles it, and yes everything after Windows giving the message and parameters to the other program happens in that program's address space, not the most secure design architecture in the world (arguably the least secure) but not a secret. Like I said, the only shock to me is that people didn't already know this, I learned it when I was a wet behind the ears college student, from a book published by MS. To me this news is about as shocking as the revelation that rain is wet.