-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/01/2015 21:19, Alexandre Julliard wrote:
Pierre Schweitzer <pierre(a)reactos.org> writes:
On 07/01/2015 17:19, Marcus Meissner wrote:
I would say that exploiting by "crafted PE binary" is not in scope for CVE allocation for Wine, as you would not keep the crafted PE binary from doing "int 0x80" itself.
Well, by crafted PE binary, I mean, binary that would be designed to exploit such weaknesses. To corrupt memory, read from it or whatever.
That's the sort of thing I was alluding to in our private discussion. In the context of Wine, postulating a specially crafted binary doesn't make sense. Obviously such a binary doesn't need to exploit Wine to do anything it wants.
Likely my 'crafted' word was poorly chosen. Here, I refer to a binary designed to exploit the flaws in Wine, as it would be designed to exploit flaws in any library. The user excepts to run a sane binary, whereas said binary will actually use its running context to corrupt memory, attempt to cause a denial of service in Wine, and so on. As for any other exploit (be it for a lib or another tool). Cheers, - -- Pierre Schweitzer <pierre at reactos.org> System & Network Administrator Senior Kernel Developer ReactOS Deutschland e.V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUrZ14AAoJEHVFVWw9WFsLHkQP/if7LKib0C3J0l4BxFdFSbZu dOEYexCwN1eUQtdkU6g0fsYqE31Igo2Ndn7Ss8GyXYLzNe2pcOXUHIrXapenPEnr p+gIRsqKWVIu6zf5QxKf7Lr0qcsoLbo2uJIJU/FiTfHhFOj6cLP7kxmkY6LwXeUM uh1kDZOO+a+HVkEbGaxByXIbElPgy8N9BW+iXD4bQTjwYSZ22efWQLgPIgVbJqc4 x0tcIHZ9F7cHWgVotgOXdtNzOQ1QRXLd15Rgcw4gjA3NQnry3WkProcO3WF8hpzq qg3Ew/OSD9DrvtOIAxRz+U8iF1wQD2DLBrC/9+Q2fAygqZz/pe1IAhTLlUw4kr2H dKhpGHhWSTKcd265SIzmJXHyuN3UUJurk8Fjt48QoRJ2uyX/p3m2U7VXw5tnK2rt yFkTB9aa5es73oGg6puUtaJFb/54HDukdWzj6xNaYappnnk48bdd9cvgfTe7BTV+ Pug/TIL/mHor/C7z0i3yHQN7X1aiGKJQyVKOa1VXz7I7MJwu8iNQeRsklSKPW0Am bz5lHCCS3pXp55mxXPhOxU8OtzLl9/FEsT5u1nMRsKZ7i7wpR37tXKuStUQ3LmIH 20gynP9NZs9QBx0BOxxfQ+3VCVwUo1M+RuWuWW1+vONYejcvRAWRRmMItmsW6m/j qAUakjVaElbvBRDu7gYL =SDqC -----END PGP SIGNATURE-----