> Is the latest ICS sure for overflow attacks? Yes, it is. But some application may not be secure if not correctly developed ! The application programmer _muust_ take care of many problems the component can't do for him. For example, if your application receive data and buffer incomming data waiting for a delimiter which will never come, then your application is subject to denial of service attack. Your application, not the component !
-- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] http://www.overbyte.be ----- Original Message ----- From: "Roberto Della Pasqua" <[EMAIL PROTECTED]> To: "'ICS support mailing'" <twsocket@elists.org> Sent: Friday, January 20, 2006 4:40 PM Subject: [twsocket] ICS stack buffer overflow? > Hi dear developers, > > Please check the thread in borland.public.delphi.non-technical (borland > nntp > server) > > First post: > > "Hi all, > > We know that by using the standart VCL functions it is impossible to > create > a stack overflow condition in delphi-written applications.But how about > Heap > > Based overflows?Last week I came across an exploit that exploits a Heap > overflow in ICS component suite.(if I remember it correctly).This type of > attack is as dangerous as stack overflow.(except generally it is more > difficult to implement an exploit).Well what should we think about these > kind of security problems while coding?I have not seen a detailed document > on the subject on how to avoid heap based overflows? > > Regards... " > > Is the latest ICS sure for overflow attacks? > > Roberto Della Pasqua > Http: www.dellapasqua.com > Email/Msn: [EMAIL PROTECTED] > Aol/Yahoo: DellaPasquaR > Icq: 164672275 > ------------------------------------- > This e-mail and any attachment contain information which is privileged and > confidential and is intended for the addressee only. If you have received > this message but you are not the intended addressee, be advised that you > are > not authorized to read, copy or use this email or any attachment. If you > have received this email in error, please destroy it and notify the sender > by return email. Thank you. > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be