asciilifeform: 'Also the JPEG2000 parsing is done within a try-catch that catches all exceptions. This would allow an attacker to bruteforce his/her way to successful exploitation as the vprintproxy.exe would stay alive even through access violations.' << ahahahahaha.
asciilifeform: nothing prevents us from referencing and zeroing memory prior to the font, as the 32-bit arithmetic will wrap.' << ditto
asciilifeform: 'When extracting a TrueType font from the EMFSPOOL file, TPView.dll will verify the checksum of the font prior to further processing. To do so, it will walk the tables, zero out the padding at the end of a table and checksum the table. In doing so, it will trust the offset field of the table record and add it to a pointer to the font buffer. While there is a check to make sure that we don't go past the end of the font,
asciilifeform: 'The program performs unsafe 32-bit arithmetic, leading to an invalid size check prior to a memcpy() operation, leading to a heap overflow.' << can we plz haz shitgnomes playing 'underhanded c contest' prior to employment? these old idiocies are getting - well - old.
asciilifeform: 'vprintproxy.exe is launched on the Host by vmware-vmx.exe as whichever user started VMware. vmware-vmx.exe and vprintproxy.exe communicate through named pipes. When writing to COM1 in the Guest, the packets will eventually end up in vprintproxy.exe for processing.' <<<< run moar winblows!! (tm)
asciilifeform: incidentally, i assume everyone remembers the usg-sponsored outfit publicly parading their net of sybils (based on 'pseudonode' or something entirely like it. student can write equivalent in an evening)
asciilifeform: speaking of counterfeiters, i once read a fascinating bio paper where folks determined the actual cause of death of 'drink molten lead'
asciilifeform: medieval counterfeiters, famously, got to drink molten lead (or sometimes, for showmanship, gold...) when caught. modern ones will one day be drowned in buckets of inkjet ?