RE: Unchecked buffer in mstask.dll

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx, tlarholm@xxxxxxxx
Subject: RE: Unchecked buffer in mstask.dll
From: psz@xxxxxxxxxxxxxxxxx (Paul Szabo)
Date: Thu, 15 Jul 2004 09:50:17 +1000 (EST)
Cc: brett.moore@xxxxxxxxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Thor wrote about IconHandler starting mstask. Are there any other dangerous
IconHandler entries: is there a way we can reassure ourselves that the
others are safe?

Being curious, on Win2k, I copied cmd.exe (from winnt\system32) as xyz.pif;
then (right-click) Properties, Program crashes explorer. Is this related to
IconHandler, and is it exploitable?

Cheers,

Paul Szabo - psz@xxxxxxxxxxxxxxxxx  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Follow-Ups:
- RE: Unchecked buffer in mstask.dll
  - From: Dmitry Yu. Bolkhovityanov
- Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll
  - From: Jordan Cole (stilist)

Prev by Date: RE: Two Vulnerabilities in Mozilla may lead to remote compromise
Next by Date: Re: Mac OS X stores login/Keychain/FileVault passwords on disk
Previous by thread: Re: Unchecked buffer in mstask.dll
Next by thread: Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll
Index(es):
- Date
- Thread