Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » full-disclosure   (RSS)
Wednesday, January 28, 2009 3:20 PM

Stack overflow (stack exhaustion) not the same as stack buffer overflow

Periodically we get reports into the MSRC of stack exhaustion in client-side applications such as Internet Explorer, Word, etc. These are valid stability bugs that, fortunately, do not lead to an exploitable condition by itself (no potential for elevation
Posted by swiblog | (Comments Off)
Tuesday, January 08, 2008 1:14 PM

XP SP3 range check hiding an overflow condition?

We have received a few inquiries about the full disclosure posting http://seclists.org/fulldisclosure/2007/Dec/0470.html , where a range check was added in Windows XP SP3 for the Terminal Server RPC function RpcWinStationEnumerateProcesses. The speculation
Posted by migrady | (Comments Off)
 
Page view tracker