17 Dec 2003, 11:17 p.m.
Sigh. For your information, the security code for 1.x versions of Netscape was not even written by someone from NCSA.
If there is ANY place in the code where I can do a data-driven buffer overflow, I can force you to execute code that I supply. I don't give a damn if it's in the "security" code. It makes no difference where it is. If there is a chink, that's it -- you're meat.
How would you do this if the buffer overflow happened in a buffer that was allocated in a separate protected heap, apart from the stack and executable data? -Ray