Re: strcpy bug

>From: xenophi1e <oliver.lavery@sympatico.ca>
>Date: 7 Jun 2003 18:34:59 -0000
> >
> >The windows "Search for files and folders" utility will search binaries

It's a quick and dirty hack, that's why I like it :) Of course it won't find linkages that are only specified by function ordinal, so you get false negatives.

>Yeah, another obvious problem I realised after posting is that MAX_PATH

Heh, as I found out also when trying to create a .eot file with an overly long name!

>There's some protection since applications that are well

The question is, can we get any application to try and LZOpenFileA a file without first performing a check-for-existence test? I haven't managed to fool IE or OE yet with any of the usual MIME / CID: tricks....

      DaveK

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek