More Mysteries of the Win32 MessageBox Bug Revealed

Last month, security engineers discovered the latest incarnation of a problem first encountered eight years ago: When an API function dating back to the first version of the Win32 library tells the system to display a dialog box as though it were coming from the OS itself rather than from the active application, and when the text to be displayed in that message box appears to contain what may be a disused character code sequence, memory becomes corrupted. A single call, or in some cases several repeated calls, can cause Windows to crash.

But if memory is corrupted, can it be exploited, and for how long? BetaNews' tests on clean, virtual Windows XP and Windows Vista environments indicate the answers are as follows: Probably not, and if that proves wrong, for not long at all.

Source: BetaNews | More Mysteries of the Win32 MessageBox Bug Revealed

Linked by shanmuga Thursday, 4th January 2007 2:24AM