Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

Win32 API

utterly and irredeemably broken



7:07 pm on Aug 14, 2002 (gmt 0)


7:42 pm on Aug 14, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

My understanding of this one is that it is an insignificant problem. It's based off the idea that Windows has always run off a global message queue and that applications can put things into or take things out of the queue. The result is that one program can hack another one running in the same context.

But that's a given on any operating system. It's the same effect that you get if you can run a malicious program as root on Linux, it can hack any other program on the system. The mechanism on how you would implement it is different between Windows and Linux, but the result is the same.


7:47 pm on Aug 14, 2002 (gmt 0)

WebmasterWorld Administrator mack is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

So could the operating system be controlled remotely using a program installed on the infected computer that is accessed over the web for instance? In a way I can understand how this would happen on almost any OS it would just need to be ported for itís intended environment. Does anyone know of any instances where this has actually happened?


8:30 am on Aug 15, 2002 (gmt 0)

10+ Year Member

"The result is that one program can hack another one running in the same context" -- and the problem in Windows is most things run as the eqivilent of root. A problem we had was as follows:

* An intern needed to remove an activeX download file from their computer
* IE had placed the activeX file a system folder, even though the intern wasn't logged in as the administrator
* intern didn't have the administrator password and had to ask for somebody else to remove it

On Linux my browser runs as josk. It can install things to whereever *I* can install things. The downside is that anything *I* own is at risk, but at least the system is safe...


Featured Threads

Hot Threads This Week

Hot Threads This Month