Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Latest Patched Windows Exploit Is A Golden Oldie

Featured Replies

Latest patched Windows exploit is a golden oldie

We've seen Microsoft patch vulnerabilities in Windows that we swear we'd seen before, and sometimes they all look so much alike that they tend to run together. But this one really is a classic: a buffer overrun triggered by a fake image file.

Who can forget the tumultuous days of 2004, when what was then considered a major threat to Windows loomed large: a way to easily trigger a buffer overrun in GDI+, Microsoft's once-improved Graphics Device Interface library? While patches were finally distributed that September, it seemed the company's eventual solution -- a completely new graphics foundation, WPF -- couldn't come too soon.

Four years later, the possibility of an uncontrolled exploit to GDI+ -- still a principal 2D graphics library in Windows -- apparently remains imminent. So perhaps the most important security fix in this month's Patch Tuesday from Microsoft includes a new patch for GDI+, to address possible buffer overrun exploits that can be triggered using maliciously crafted GIF, BMP, Windows Metafile (WMF), and Enhanced Metafile (EMF) images, as well as Vector Markup Language (VML) images that include gradients.

"The vulnerability is caused by a heap-based buffer overrun when GDI+ improperly processes gradient sizes handled by the vector graphics link library," reads Microsoft's bulletin this morning.

The September 2004 exploit is looked upon as the textbook example of the heap-based buffer overrun principle, though in this case involving JPEG images. In low-level programming, there are two types of storage buffers for the data that a program may need to use. A pointer keeps track of which item is the next to be recalled, and a "pop" instruction pulls that item from memory. For a stack, data is written to memory in such a way that the first item in becomes the last item out. A heap works differently, more like a stack of papers on one's desk: the first item in becomes the first item out.

The heap situation is said to be a little easier to exploit because whatever memory element can trigger the overflow can be added first and exploited immediately. Still, that doesn't explain why it took four years to realize that the same technique a maliciously crafted JPEG file would use to overflow a buffer, couldn't be used by a GIF file or a WMF file.

source: betanews.com

Don't understand it but always apprecitate the news.

BTW after checking with some computer expert friends, I finally did SP 3 on my XPPro, on two of my computers. No problems.

Still holding of on FF3, maybe will do soon.

Haven't started with Google Chrome yet, want to see where it goes.

Got to replace my desktop fan, no big deal but hate pulling the box out from its home cuz of all the darn wires tethering it in the back.

That's a little off topic but I just wanted to say "Thanks" and keep the hits coming!

Another BTW, I heard an interesting review on the radio for a new video game, "Braid":

http://www.npr.org/templates/story/story.p...toryId=94025221

"The game, Braid, is less shoot-'em-up than meditation on the meaning of life — and within six days, it had been downloaded more than 50,000 times. Game critics are calling it a masterpiece. Braid feels like a game that a grown-up can play, and that a grown-up perhaps ought to play."

It is an X-Box game I believe. I am not a gamer but it sounded interesting. (I don't own stock in whoever makes X-Box either, lol!)

Edited by zzdocxx

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.