Vista Still Using Older OS Code
A recent discovery by Determina Security Research points to a problem that hasn't received a lot of press: Windows Vista still has code in common with earlier versions of Windows operating systems. Vista provides better security than its predecessors, but vulnerabilities still linger from older versions. The Windows CSRSS HardError Message Box Vulnerability affects Windows Vista, Windows 2003, Windows XP and Windows 2000.
The Determina advisory explains: "The GetHardErrorText function returns pointers to the caption and text of the message box. If the caption or text parameters start with the \??\ prefix, the function inexplicably frees the buffer and returns a pointer to freed memory. After the message box is closed by the user, the same buffer is freed again in the FreePhi function, resulting in a double free vulnerability."
Yes, Vista has improved security, but vestiges of earlier versions of the OS linger.
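
The ownership mistake the advisory describes, shown as an added example that is not from the original page, from Determina or from Windows: a constructed C model that counts releases of one buffer rather than actually freeing it twice. All function and type names are hypothetical stand-ins, not Windows internals.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: a buffer plus a counter of release attempts. */
struct tracked { char *p; int frees; };

/* Only the first release reaches the heap; later ones are just counted,
 * so the model can report a double free without triggering one. */
static void tracked_free(struct tracked *t) {
    if (t->frees++ == 0) free(t->p);
}

static int has_prefix(const char *s) { return strncmp(s, "\\??\\", 4) == 0; }

/* Flawed pattern: the callee releases the buffer when it sees the prefix,
 * yet still hands it back as if the caller owned live memory. */
static struct tracked *get_text_flawed(struct tracked *t) {
    if (has_prefix(t->p)) tracked_free(t);
    return t;
}

/* Corrected pattern: the callee never releases; the caller is the sole owner. */
static struct tracked *get_text_fixed(struct tracked *t) { return t; }

/* Runs one "message box" lifetime and returns how many times the buffer
 * was released (1 is correct, 2 is a double free, -1 is allocation failure). */
int frees_for(const char *text, int fixed) {
    struct tracked t = { NULL, 0 };
    t.p = malloc(strlen(text) + 1);
    if (!t.p) return -1;
    strcpy(t.p, text);
    struct tracked *r = fixed ? get_text_fixed(&t) : get_text_flawed(&t);
    tracked_free(r);            /* cleanup after the dialog is closed */
    return t.frees;
}

int main(void) {
    printf("flawed, prefixed text: %d\n", frees_for("\\??\\C:\\demo", 0));
    printf("flawed, plain text:    %d\n", frees_for("plain text", 0));
    printf("fixed,  prefixed text: %d\n", frees_for("\\??\\C:\\demo", 1));
    return 0;
}
```

The same check can be done on real code with a heap debugging tool that flags a second release of the same pointer.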



