Reply to post: Re: Super cool name!

Windows Atom Tables popped by security researchers

Brewster's Angle Grinder Silver badge

Re: Super cool name!

"But if nobody has considered that an Atom Table can be modified by other malicious programs, likely they aren't sanitising the input. And given their length of history, there are bound to be thousands of apps that can be crashed in particular ways with a dodgy Atom Table entry that they try to use."

Windows machines were single user machines so if an app was running it was probably authorised by the user and to be trusted. And, anyway, if you could manipulate the atom table you could simulate key presses and mouses click and find umpteen other vectors far easier to exploit that putting shell code in a string and attempting a buffer overflow. Sanitisation was done to protect against corrupted files, stupidity (a user coming along and tweaking your registry keys) or a bug in another program. It wasn't done to protect against malicious programs.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021