Security vulnerability caused by MSDN page for sscanf


Norman Diamond

Page
http://msdn.microsoft.com/library/d.../en-us/vclib/html/_crt_sscanf.2c_.swscanf.asp
says:
Security Note When reading a string with sscanf, always specify a width
for the %s format (for example, "32%s" instead of "%s"); otherwise,
improperly formatted input can easily cause a buffer overrun.

If a programmer obeys MSDN and specifies a format like "32%s" then
improperly formatted input can easily cause a buffer overrun. The malicious
person will have to know to start the input with a character '3' and a
character '2', and follow it with more than 32 characters of subsequent
input. Malicious persons have demonstrated more than the amount of skill
necessary to exploit this kind of buffer overrun.

If a programmer ignores MSDN and specifies a format like "%32s" then this
security vulnerability can be avoided.

If MSDN gets fixed in less than a year then maybe Microsoft still "gets it"
with security.
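Added example (not from the original post) showing the difference in C: in "32%s" the 32 is a literal that the input must match, and the %s that follows has no width limit, while in "%32s" the 32 is a maximum field width. The function names, the scratch-buffer size and the pre-check are mine; the large scratch buffer exists only so the demonstration itself never writes out of bounds.

```c
#include <stdio.h>
#include <string.h>

#define DEST_SIZE 256   /* scratch buffer, sized so this demo cannot overrun */

/* The format from the MSDN note, "32%s". The "32" is a literal match, not a
 * width. Returns the number of characters stored, -1 if the input does not
 * begin with "32", and -2 when the input would not fit the scratch buffer,
 * which is exactly the situation in which a real program would overrun,
 * because the %s conversion itself has no limit. */
int parse_with_literal_32(const char *input, char dest[DEST_SIZE]) {
    if (strlen(input) >= DEST_SIZE)
        return -2;              /* guard: unbounded %s would overrun here */
    dest[0] = '\0';
    if (sscanf(input, "32%s", dest) != 1)
        return -1;
    return (int)strlen(dest);
}

/* The format the post recommends, "%32s". Here 32 is a maximum field width,
 * so at most 32 characters plus the terminator are written whatever the
 * input length; a 33-byte destination is always sufficient. */
int parse_with_width_32(const char *input, char dest[33]) {
    dest[0] = '\0';
    if (sscanf(input, "%32s", dest) != 1)
        return -1;
    return (int)strlen(dest);
}

int main(void) {
    char big[DEST_SIZE];
    char small[33];
    /* constructed sample inputs: "hello" and '3','2' followed by 50 'a's */
    const char *plain = "hello";
    const char *long_in = "32aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    printf("\"32%%s\" on \"hello\": %d\n", parse_with_literal_32(plain, big));   /* -1 */
    printf("\"32%%s\" on long input: %d\n", parse_with_literal_32(long_in, big)); /* 50 */
    printf("\"%%32s\" on long input: %d\n", parse_with_width_32(long_in, small)); /* 32 */
    return 0;
}
```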