Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Y3K problems ?

Published: 2007-02-13
Last Updated: 2007-02-13 15:31:09 UTC
by Swa Frantzen (Version: 2)
0 comment(s)
I almost had a déjà-vu moment when I read: CVE-2007-0842
So time handling functions in Visual C++ 8.0 can't go beyond Jan 1st 3000, didn't the industry learn almost a decade ago that dates move on and building any arbitrary limit is a bad idea(tm).

To add injury to the insult it's not that it returns something indicating it can't handle a date that far in the future, but just throws up an exception and terminates the application, causing opportunity for causing a DoS.

Swa Frantzen --
0 comment(s)
Diary Archives