I ran across an article on searchsecurity.com about some researchers at Watchfire, Inc. successfully exploiting a dangling pointer error in Microsoft’s IIS 5.1. The article describes the issue as “a common programming error, which until now had been considered simply a quality problem and not a security vulnerability.”
If the guys at Watchfire did figure out how to reliably exploit a dangling pointer, software developers should be in for an interesting ride as companies scramble to fix their errors. At issue is the technique they use to find the location the “left-over” pointer references. This can’t be simple to do, and I am excited to see the results of their work, presented at the Black Hat Briefings in August. Stay tuned for updates, and the awarding of 2 mycomputerninja.com throwing stars for the researchers, once they present their findings.