If a GUI honors it but the compiler does not

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #440,275 by scoenye 11/4/21 7:32:23 PM 11/4/21 7:32:23 PM Reply	If a GUI honors it but the compiler does not then the human sees one thing, the compiler another. If the compiler drops the control characters without warning, that can become a problem. e.g. it could be used to make you see 0x0F where the compiler sees 0xF0. How feasibly any of this is is another matter. The example above is not very practical unless it hits a project that still uses literals for critical fields.
Post #440,280 by drook 11/5/21 8:41:22 AM 11/5/21 8:41:22 AM Reply	That sounds like the edgiest of edge cases Not saying it's impossible to exploit, but just about any other method must be easier. -- Drew
Post #440,285 by scoenye 11/5/21 8:45:54 PM 11/5/21 8:45:54 PM Reply	Pretty much. The more likely target is e-mail (URLs, attachment names, ...)

Krebs on "Trojan Source" - (Another Scott) - (6) - Nov. 4, 2021, 05:44:46 PM EDT

How would this be exploited? - (drook) - (4) - Nov. 4, 2021, 06:56:31 PM EDT

If a GUI honors it but the compiler does not - (scoenye) - (2) - Nov. 4, 2021, 07:32:23 PM EDT

That sounds like the edgiest of edge cases - (drook) - (1) - Nov. 5, 2021, 08:41:22 AM EDT

Pretty much. The more likely target is e-mail (URLs, attachment names, ...) -NT - (scoenye) - Nov. 5, 2021, 08:45:54 PM EDT

"What are you missing?", you ask. - (pwhysall) - Nov. 5, 2021, 12:37:04 PM EDT

Not quite new - (scoenye) - Nov. 4, 2021, 07:15:12 PM EDT

Non-migratory, just like coconuts.
47 ms