Reply to post:

Windows Atom Tables popped by security researchers

Ken Hagan Gold badge

Two fairly whopping mitigating factors:

1) No windows APIs actually execute the strings that are atomised in these tables and converting an atom back into a string is a relatively rare operation. (By far the more common use case is converting the string you are interested in to an atom and then seeing if it matches the atom you've been offered. In fact, probably the only programs that convert the other way are debug utilities.) Therefore, it is vanishingly unlikely that the string you've inserted will ever exist in the address space of the process you are trying to attack.

2) Unless you have elevated processes running in your window station, there is nothing you can attack that doesn't have exactly the same access as the attacker. So you can only attack processes that you can already control by all sorts of existing means (such as TerminateProcess or CreateRemoteThread) and so it isn't really a security vulnerability.

So unless further details are forthcoming, I have to assume that this is just someone trying to drum up some publicity for themselves.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021