Bugtraq mailing list archives
RE: Unchecked buffer in mstask.dll
From: "Thor Larholm" <tlarholm () pivx com>
Date: Thu, 15 Jul 2004 10:21:55 -0700
My bad, I meant to say MS04-022 which correctly list a patch for Windows XP. I tried correcting my error in an immediate followup post and wrote bugtraq-owner () securityfocus com to clarify but the original post got approved. Regards Thor Larholm -----Original Message----- From: Mark Litchfield [mailto:mark () ngssoftware com] Sent: Thursday, July 15, 2004 2:05 AM To: Thor Larholm; bugtraq () securityfocus com Cc: Brett Moore Subject: Re: Unchecked buffer in mstask.dll << Microsoft should update the MS02-022 bulletin to reflect that automated exploitation is possible. Currently, the only listed affected software is Windows 2000 but I had no problems reproducing this on Windows XP as well. Since there is no patch available for Windows XP to fix this vulnerability the only workaround is to disable the dynamic icon handler for JobObject files, as described above >> This issue was also reported to Microsoft by Peter Winter Smith of NGS Software, with his sole testing platform being that of Windows XP as stated in his advisory. He had not confirmed exploitation against Windows 2000. As far as I am aware, there is a fix available for XP available from http://www.microsoft.com/downloads/details.aspx?FamilyId=8E8D0A2D-D3B9-4 DE8-8B6F-FC27715BC0CF&displaylang=en Regards Mark Litchfield
Current thread:
- Unchecked buffer in mstask.dll Brett Moore (Jul 14)
- <Possible follow-ups>
- RE: Unchecked buffer in mstask.dll Thor Larholm (Jul 14)
- Re: Unchecked buffer in mstask.dll Mark Litchfield (Jul 16)
- RE: Unchecked buffer in mstask.dll Paul Szabo (Jul 15)
- RE: Unchecked buffer in mstask.dll Dmitry Yu. Bolkhovityanov (Jul 18)
- RE: [ok] [Full-Disclosure] RE: Unchecked buffer in mstask.dll Curt Purdy (Jul 18)
- Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll Jordan Cole (stilist) (Jul 18)
- Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll Nick FitzGerald (Jul 18)
- Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll Curt Purdy (Jul 18)
- RE: Unchecked buffer in mstask.dll Dmitry Yu. Bolkhovityanov (Jul 18)
- RE: Unchecked buffer in mstask.dll Thor Larholm (Jul 15)