digitalmars.D - Invalid pointer reference

bearophile <bearophileHUGS lycos.com> writes:
Another of those billion dollar mistakes D2 will not be able to avoid!

http://www.microsoft.com/technet/security/advisory/979352.mspx

> Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4
> on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet
> Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and
> Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported
> editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server
> 2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability
> exists as an invalid pointer reference within Internet Explorer. It is possible
> under certain conditions for the invalid pointer to be accessed after an object
> is deleted. In a specially-crafted attack, in attempting to access a freed
> object, Internet Explorer can be caused to allow remote code execution.

In future if I can I'll keep posting here other widely destructive examples of this class of bugs.

Bye,
bearophile
Jan 18 2010
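
The bug class the quoted advisory describes (a reference that outlives a deleted object), next to one common mitigation, generation-checked handles. This is an added example in C, not part of the thread and not code from Microsoft or the D project; the pool, the `Handle` type and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define POOL_SLOTS 4

typedef struct { char name[16]; int live; uint32_t gen; } Object;
typedef struct { uint32_t index; uint32_t gen; } Handle;
static Object pool[POOL_SLOTS];   /* constructed object pool */

/* Allocate a slot; the handle records the slot's current generation. */
Handle obj_create(const char *name) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            strncpy(pool[i].name, name, sizeof pool[i].name - 1);
            pool[i].name[sizeof pool[i].name - 1] = '\0';
            return (Handle){ i, pool[i].gen };
        }
    }
    return (Handle){ POOL_SLOTS, 0 };   /* pool full: never resolves */
}

/* Delete the object; bumping the generation invalidates old handles. */
void obj_delete(Handle h) {
    if (h.index >= POOL_SLOTS) return;
    Object *o = &pool[h.index];
    if (o->live && o->gen == h.gen) { o->live = 0; o->gen++; }
}

/* Resolve a handle; NULL means invalid or stale (object was deleted). */
Object *obj_get(Handle h) {
    if (h.index >= POOL_SLOTS) return NULL;
    Object *o = &pool[h.index];
    return (o->live && o->gen == h.gen) ? o : NULL;
}

/* 1 if the kept raw pointer aliases the new object and handle a is rejected. */
int stale_reference_demo(void) {
    Handle a = obj_create("first");
    Object *raw = obj_get(a);         /* reference kept by some caller */
    obj_delete(a);                    /* object is deleted ...         */
    Handle b = obj_create("second");  /* ... and its storage is reused */
    int ok = raw && raw == obj_get(b) && strcmp(raw->name, "second") == 0
             && obj_get(a) == NULL;
    obj_delete(b);
    return ok;
}

int main(void) { return stale_reference_demo() ? 0 : 1; }
```

The pool is static storage, so reading through `raw` after the delete is well defined here; with heap objects the same access is undefined behaviour. A 32-bit generation can wrap after enough reuses of one slot, so long-lived systems widen the counter or retire slots.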
Bane <branimir.milosavljevic gmail.com> writes:
bearophile Wrote:

> Another of those billion dollar mistakes D2 will not be able to avoid!
>
> http://www.microsoft.com/technet/security/advisory/979352.mspx
>
> > Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4
> > on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet
> > Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and
> > Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported
> > editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server
> > 2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability
> > exists as an invalid pointer reference within Internet Explorer. It is possible
> > under certain conditions for the invalid pointer to be accessed after an object
> > is deleted. In a specially-crafted attack, in attempting to access a freed
> > object, Internet Explorer can be caused to allow remote code execution.
>
> In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
>
> Bye,
> bearophile

Sad but true, until D becomes so mainstream that it becomes a tool for making such software, I don't think there will be people trying to find and abuse such bugs. And yes, pointers can be a pain in the butt - that's why I switched to D :D
Jan 19 2010
retard <re tard.com.invalid> writes:
Tue, 19 Jan 2010 06:00:50 -0500, Bane wrote:

> bearophile Wrote:
>
> > Another of those billion dollar mistakes D2 will not be able to avoid!
> >
> > http://www.microsoft.com/technet/security/advisory/979352.mspx
> >
> > > Our investigation so far has shown that Internet Explorer 5.01 Service
> > > Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and
> > > that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000
> > > Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and
> > > Internet Explorer 8 on supported editions of Windows XP, Windows
> > > Server 2003, Windows Vista, Windows Server 2008, Windows 7, and
> > > Windows Server 2008 R2 are vulnerable. The vulnerability exists as an
> > > invalid pointer reference within Internet Explorer. It is possible
> > > under certain conditions for the invalid pointer to be accessed after
> > > an object is deleted. In a specially-crafted attack, in attempting to
> > > access a freed object, Internet Explorer can be caused to allow remote
> > > code execution.
> >
> > In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
> >
> > Bye,
> > bearophile
>
> Sad but true, until D becomes so mainstream that it becomes a tool for making such software, I don't think there will be people trying to find and abuse such bugs. And yes, pointers can be a pain in the butt - that's why I switched to D :D

[OT] D is still too low level for extremely reliable software. I don't know how Bjarne and M$ developers feel now, but because of low level languages, the rumor says that Chinese have stolen world class US trade secrets and also got information about innocent dissidents who vote for democracy in order to assassinate them later.
Jan 19 2010
Bane <branimir.milosavljevic gmail.com> writes:
retard Wrote:

> Tue, 19 Jan 2010 06:00:50 -0500, Bane wrote:
>
> > bearophile Wrote:
> >
> > > Another of those billion dollar mistakes D2 will not be able to avoid!
> > >
> > > http://www.microsoft.com/technet/security/advisory/979352.mspx
> > >
> > > > Our investigation so far has shown that Internet Explorer 5.01 Service
> > > > Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and
> > > > that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000
> > > > Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and
> > > > Internet Explorer 8 on supported editions of Windows XP, Windows
> > > > Server 2003, Windows Vista, Windows Server 2008, Windows 7, and
> > > > Windows Server 2008 R2 are vulnerable. The vulnerability exists as an
> > > > invalid pointer reference within Internet Explorer. It is possible
> > > > under certain conditions for the invalid pointer to be accessed after
> > > > an object is deleted. In a specially-crafted attack, in attempting to
> > > > access a freed object, Internet Explorer can be caused to allow remote
> > > > code execution.
> > >
> > > In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
> > >
> > > Bye,
> > > bearophile
> >
> > Sad but true, until D becomes so mainstream that it becomes a tool for making such software, I don't think there will be people trying to find and abuse such bugs. And yes, pointers can be a pain in the butt - that's why I switched to D :D
>
> [OT] D is still too low level for extremely reliable software. I don't know how Bjarne and M$ developers feel now, but because of low level languages, the rumor says that Chinese have stolen world class US trade secrets and also got information about innocent dissidents who vote for democracy in order to assassinate them later.

Slightly better than Mr. Samuel Colt or Alfred Nobel?
Jan 19 2010
retard <re tard.com.invalid> writes:
Tue, 19 Jan 2010 07:06:42 -0500, Bane wrote:

> retard Wrote:
>
> > Tue, 19 Jan 2010 06:00:50 -0500, Bane wrote:
> >
> > > bearophile Wrote:
> > >
> > > > Another of those billion dollar mistakes D2 will not be able to
> > > > avoid!
> > > >
> > > > http://www.microsoft.com/technet/security/advisory/979352.mspx
> > > >
> > > > > Our investigation so far has shown that Internet Explorer 5.01
> > > > > Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not
> > > > > affected, and that Internet Explorer 6 Service Pack 1 on Microsoft
> > > > > Windows 2000 Service Pack 4, and Internet Explorer 6, Internet
> > > > > Explorer 7 and Internet Explorer 8 on supported editions of Windows
> > > > > XP, Windows Server 2003, Windows Vista, Windows Server 2008,
> > > > > Windows 7, and Windows Server 2008 R2 are vulnerable. The
> > > > > vulnerability exists as an invalid pointer reference within
> > > > > Internet Explorer. It is possible under certain conditions for the
> > > > > invalid pointer to be accessed after an object is deleted. In a
> > > > > specially-crafted attack, in attempting to access a freed object,
> > > > > Internet Explorer can be caused to allow remote code execution.
> > > >
> > > > In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
> > > >
> > > > Bye,
> > > > bearophile
> > >
> > > Sad but true, until D becomes so mainstream that it becomes a tool for making such software, I don't think there will be people trying to find and abuse such bugs. And yes, pointers can be a pain in the butt - that's why I switched to D :D
> >
> > [OT] D is still too low level for extremely reliable software. I don't know how Bjarne and M$ developers feel now, but because of low level languages, the rumor says that Chinese have stolen world class US trade secrets and also got information about innocent dissidents who vote for democracy in order to assassinate them later.
>
> Slightly better than Mr. Samuel Colt or Alfred Nobel?

Heh, good point =)
Jan 19 2010
Lutger <lutger.blijdestijn gmail.com> writes:
On 01/19/2010 08:11 AM, bearophile wrote:

> Another of those billion dollar mistakes D2 will not be able to avoid!
>
> http://www.microsoft.com/technet/security/advisory/979352.mspx
>
> > Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4
> > on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet
> > Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and
> > Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported
> > editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server
> > 2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability
> > exists as an invalid pointer reference within Internet Explorer. It is possible
> > under certain conditions for the invalid pointer to be accessed after an object
> > is deleted. In a specially-crafted attack, in attempting to access a freed
> > object, Internet Explorer can be caused to allow remote code execution.
>
> In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
>
> Bye,
> bearophile

SafeD?
Jan 19 2010
Michel Fortin <michel.fortin michelf.com> writes:
On 2010-01-19 07:17:22 -0500, Lutger <lutger.blijdestijn gmail.com> said:

> On 01/19/2010 08:11 AM, bearophile wrote:
>
> > Another of those billion dollar mistakes D2 will not be able to avoid!
> >
> > http://www.microsoft.com/technet/security/advisory/979352.mspx
> >
> > > Our investigation so far has shown that Internet Explorer 5.01 Service
> > > Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and
> > > that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000
> > > Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and
> > > Internet Explorer 8 on supported editions of Windows XP, Windows Server
> > > 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server
> > > 2008 R2 are vulnerable. The vulnerability exists as an invalid pointer
> > > reference within Internet Explorer. It is possible under certain
> > > conditions for the invalid pointer to be accessed after an object is
> > > deleted. In a specially-crafted attack, in attempting to access a freed
> > > object, Internet Explorer can be caused to allow remote code execution.
> >
> > In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
> >
> > Bye,
> > bearophile
>
> SafeD?

Almost there. But still not fully memory-safe:
<http://d.puremagic.com/issues/show_bug.cgi?id=3677>

--
Michel Fortin
michel.fortin michelf.com
http://michelf.com/
Jan 19 2010