Roland Kaufmann <roland@ii.uib.no> writes: > > 3) Microsoft cannot fix these vulnerabilities. > (b) WM_TIMER messages are posted to the message queue and can be > filtered by the application, as stated in the documentation for > this message. The application can have a list over timers and check > this for validity. (Moral of the story: Don't trust window message > parameters any more than user input). I believe this was his point -- Microsoft cannot fix this; we have to rewrite every single Win32 application and arrange for it to maintain this list. This vulnerability strikes me as very similar to gets() -- the OS (or C library) has provided a primitive which makes it seductively easy to write insecure code. - a -- Sick of HTML user interfaces? www.xwt.org Amendment XXVIII: "thou shalt maximize thy stock price at all costs"