[WEB SECURITY] Re: Jeremiah Grossman writes about buffer overflow myths

ol at uncon.org ol at uncon.org
Wed Mar 15 04:44:45 EST 2006


> Did you read the article or did you just base your response on the 2
sample
> sentences sent in the email?  The article quite clearly outlined the fact
> that it was focusing on "custom" applications and not widely available (to
> everyone, including attackers) software.

Yes I did. Did you read the article I posted? It clearly describes how it is
possible and thus likely hood is greatly increased on custom applications
(using ISAPI as a particular example I grant you).





---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list