Another technique for Fixing DLL Preloading attacks

Back in February 2008, I posted on DLL preloading attacks and how to avoid them here. It seems that the problem has recently gotten a lot of attention – it is currently called “Binary Planting”. You can read more about that at the MSRC blog, the SWI blog, on this ZDNET blog post, an update, and a…


MS10-048 – Getting the Math Right

The Security Research and Defense blog detailed an integer overflow here. The code looks like this:

    case DBT_DEVTYP_PORT:
        pPortW = (PDEV_BROADCAST_PORT_W)lParam;
        if ((1 + wcslen(pPortW->dbcp_name)) * sizeof(WCHAR) + FIELD_OFFSET(DEV_BROADCAST_PORT_W, dbcp_name) > cbSize) {
            MSGERRORCLEANUP(0);
        }
        break;

They then claimed that it would take a wcslen of greater than 2^31 to cause an overflow, but this isn’t true. Let’s take…
