
Word 2007 Flaws Are Features, Not Bugs

PetManimal writes "Mati Aharoni's discovery of three flaws in Word using a fuzzer (screenshots) has been discounted by Microsoft, which claims that the crashes and malformed Word documents are a feature of Word, not a bug. Microsoft's Security Response Center is also refusing to classify the flaws as security problems. According to Microsoft developer David LeBlanc, crashes aren't necessarily DoS situations: 'You may rightfully say that crashing is always bad, and having a server-class app background, I agree. Crashing means you made a mistake, bad programmer, no biscuit. However, crashing may be the lesser of the evils in many places. In the event that our apps crash, we have recovery mechanisms, ways to report the crash so we know what function had the problem, and so on. I really take issue with those who would characterize a client-side crash as a denial of service.' Computerworld's Frank Hayes responds to LeBlanc and questions Microsoft's logic."

  • by Mateo_LeFou ( 859634 ) on Friday April 13, 2007 @02:48PM (#18722347) Homepage
    Um, it's defined in the twelve words after "fuzzer" in TFA

    "a tool that probes an application for vulnerabilities by sending random input"

    This is known as an appositive phrase.
  • by MassEnergySpaceTime ( 957330 ) on Friday April 13, 2007 @02:49PM (#18722393)
    From wiki:

    "Fuzz testing or fuzzing is a software testing technique that provides random data ("fuzz") to the inputs of a program. If the program fails (for example, by crashing, or by failing built-in code assertions), the defects can be noted."
  • by HolyCrapSCOsux ( 700114 ) on Friday April 13, 2007 @02:51PM (#18722429)
    That could be considered a flaw of word as well. It's more complicated than a text editor should be.
  • by AKAImBatman ( 238306 ) * <akaimbatman AT gmail DOT com> on Friday April 13, 2007 @02:52PM (#18722453) Homepage Journal
    DoS (Denial of Service), not DDoS (Distributed Denial of Service). There is no "distributed" in crashing these desktop apps.
  • Re:Let me see... (Score:5, Informative)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday April 13, 2007 @02:59PM (#18722591) Homepage Journal

    Exactly. It's expected that any app will crash if you feed it malicious junk.

    Sorry, I don't buy it. The only way that is a valid expectation is if you explicitly tell it to crash when it gets malformed data, which is offensive and stupid. The proper thing to do is to tell it to alert the user if there is malformed data, and then clean up and get ready to parse another document.

    Crashing is definitely a sign that something bad is happening. Traditionally, when an app crashes because of an invalid document, it's writing to some memory it shouldn't be. This is a sign of lazy or stupid programmers not doing proper checking of the input.

  • How Long Before... (Score:3, Informative)

    by Evil W1zard ( 832703 ) on Friday April 13, 2007 @03:01PM (#18722637) Journal
    Ok, so 2 of the 3 bugs result in a DoS type situation and the third could allow for execution of arbitrary code... Using a fuzzer, don't you typically find DoS/reboot/crashes first, and then more research, including debugging, can show where in memory the crash occurs, and then you move into the world of tailoring an overflow and allowing for execution of arbitrary code...

    To me DoS'ing a client-side app like Word is an annoyance, but I would expect to see exploit code coming that does do code execution or privilege escalation of some sort and then MS will patch it on Tuesday just like they've been doing for years...
  • by PCM2 ( 4486 ) on Friday April 13, 2007 @03:26PM (#18723029) Homepage

    ...if I understand this correctly. Basically, a security researcher believes he's found a buffer overflow. However, he has not yet found a way to exploit that overflow because Word keeps crashing.

    Actually, according to the Computerworld article, two of the bugs discovered will peg the processor at 100 percent, forcing a cold reboot that potentially will do a lot more damage than just corrupting your Word documents. Whatever your philosophy otherwise, that really is a denial of service.

  • by Anonymous Coward on Friday April 13, 2007 @03:46PM (#18723373)
    a phrase that is placed in apposition to a noun or another phrase, usually serving to clarify the meaning or intent.

    an appositional phrase, a phrase that clarifies meaning, is a fancy way of saying "redundant"
  • by Achromatic1978 ( 916097 ) <robert.chromablue@net> on Friday April 13, 2007 @03:48PM (#18723397)
    Small hint: they do exactly that.

    To quote Para. 16 of the Windows XP Home EULA:

    Except for the Limited Warranty and to the maximum extent permitted by applicable law, Microsoft and its suppliers provide the Software and support services (if any) AS IS AND WITH ALL FAULTS, and hereby disclaim all other warranties and conditions, whether express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, of fitness for a particular purpose, of reliability or availability, of accuracy or completeness of responses, of results, of workmanlike effort, of lack of viruses, and of lack of negligence, all with regard to the Software, and the provision of or failure to provide support or other services, information, software, and related content through the Software or otherwise arising out of the use of the Software. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, QUIET ENJOYMENT, QUIET POSSESSION, CORRESPONDENCE TO DESCRIPTION OR NON-INFRINGEMENT WITH REGARD TO THE SOFTWARE.

    Seems pretty much the case to me.

    Don't even try the "Click throughs not legally binding!". It doesn't need to be binding for this - but to claim they don't sell software AS IS is an absolute fallacy, trivially demonstrable.

  • Re:Let me see... (Score:3, Informative)

    by ppanon ( 16583 ) on Friday April 13, 2007 @03:50PM (#18723425) Homepage Journal
    It depends. Does the crash only close down that document? Or does it also crash and lose the changes to the other documents that you've been making for the last two hours? I'm betting on the latter since all open Word documents seem to be managed under a single process. And to me losing pending changes to other documents is a DoS.

    How would you feel if you opened a word document, which you received in an e-mail from a co-worker, that then crashed Word and made you lose some important work you had just been entering?
  • by I'm Don Giovanni ( 598558 ) on Friday April 13, 2007 @04:49PM (#18724329)
    According to the article, the crash in question is a result of Word using the SafeIntOnOverflow() function to deal with integer-overflow. That function throws an exception on integer overflow. That the function is being used in the code is evidence that the code is indeed checking the validity of an integer. But apparently there's no good way to recover from that situation, so they don't bother to catch the thrown exception and let it crash. Seems good to me. The only reason there was integer-overflow in the first place is that some researcher was running the app in a debugger and feeding it random data.

    Now, someone could intentionally create a corrupt document that causes integer-overflow, which would cause the exception and crash, but real documents won't cause that behavior (notwithstanding other possible bugs).
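    The comments above describe, in turn, what a fuzzer does (feed mutated input to a program and note which inputs make it fail), the usual progression from a fuzz-found crash to a debugged and possibly exploitable fault, and the specific failure mode at issue in this thread: a checked integer multiply (SafeInt) that refuses to let an overflowed size go forward. The C program below is an added example written for this page; it is not Microsoft's code, and the record format, the function names (`parse_unchecked`, `parse_checked`, `mul_u32_checked`, `fuzz_header`), the boundary-value list and the seed document are all constructed for illustration. It pairs an unchecked and a SafeInt-style checked parser for a toy "count times element size" header, then runs a small deterministic mutation fuzzer over that header and tallies how often the checked parser catches an overflow that the unchecked parser would have accepted. Real fuzzers run the target out of process and watch for a signal or exception; here the checked parser acts as the oracle so everything runs safely in one process, and it returns an error code where Word's SafeInt, as described in the comment above, throws.

```c
/* Added example: toy record parser, checked vs. unchecked, plus a tiny
 * mutation fuzzer. The format and all data below are constructed for
 * illustration; none of it is Word's format or Microsoft's code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy header: two little-endian uint32 fields, then the payload.
 *   count      number of records
 *   elem_size  bytes per record
 * A well-formed document carries count * elem_size bytes of payload. */
#define HDR_LEN 8
#define PAYLOAD_LEN 16        /* payload size of every constructed document */

enum parse_result { PARSE_OK, PARSE_MALFORMED, PARSE_OVERFLOW };

struct parse_outcome {
    enum parse_result result;
    uint32_t bytes_claimed;   /* count * elem_size as the parser computed it */
};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* SafeInt-style multiply: report overflow instead of silently wrapping. */
int mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return 0;   /* product would exceed 32 bits */
    *out = a * b;
    return 1;
}

/* Unchecked parser: count * elem_size wraps mod 2^32. A wrapped, small total
 * passes the length check, so a later loop over `count` records would read far
 * past the payload. This function only reports the decision; it never reads. */
struct parse_outcome parse_unchecked(const uint8_t *doc, size_t len) {
    struct parse_outcome o = { PARSE_MALFORMED, 0 };
    if (len < HDR_LEN) return o;
    uint32_t count = rd32(doc), elem_size = rd32(doc + 4);
    o.bytes_claimed = count * elem_size;          /* silent wrap-around */
    o.result = (o.bytes_claimed <= len - HDR_LEN) ? PARSE_OK : PARSE_MALFORMED;
    return o;
}

/* Checked parser: refuse the document on overflow. This is the point where a
 * SafeInt-based parser would throw; here the error is returned instead. */
struct parse_outcome parse_checked(const uint8_t *doc, size_t len) {
    struct parse_outcome o = { PARSE_MALFORMED, 0 };
    if (len < HDR_LEN) return o;
    uint32_t count = rd32(doc), elem_size = rd32(doc + 4);
    if (!mul_u32_checked(count, elem_size, &o.bytes_claimed)) {
        o.result = PARSE_OVERFLOW;
        return o;
    }
    o.result = (o.bytes_claimed <= len - HDR_LEN) ? PARSE_OK : PARSE_MALFORMED;
    return o;
}

/* Build a constructed document with the given header fields and run one parser. */
struct parse_outcome parse_fields(uint32_t count, uint32_t elem_size, int checked) {
    uint8_t doc[HDR_LEN + PAYLOAD_LEN];
    memset(doc, 0xAA, sizeof doc);                /* constructed filler payload */
    wr32(doc, count);
    wr32(doc + 4, elem_size);
    return checked ? parse_checked(doc, sizeof doc) : parse_unchecked(doc, sizeof doc);
}

/* xorshift32: deterministic, so a fuzz run is reproducible from its seed. */
static uint32_t xs32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

struct fuzz_stats {
    unsigned overflows;   /* checked parser reported an overflow */
    unsigned silent;      /* unchecked parser said OK on that same input: the dangerous case */
};

/* Mutation fuzzer: the seed is the constructed document parse_fields builds;
 * each iteration replaces its two header fields with boundary values fuzzers
 * commonly try, runs both parsers and tallies where they disagree. */
struct fuzz_stats fuzz_header(unsigned iterations, uint32_t seed) {
    static const uint32_t interesting[] = { 0, 1, 2, 0x10000u, 0x7fffffffu, 0x80000000u, 0xffffffffu };
    const uint32_t n_int = sizeof interesting / sizeof interesting[0];
    struct fuzz_stats st = { 0, 0 };
    uint32_t rng = seed ? seed : 1;               /* xorshift must not start at 0 */

    for (unsigned i = 0; i < iterations; i++) {
        uint32_t count = interesting[xs32(&rng) % n_int];
        uint32_t elem_size = interesting[xs32(&rng) % n_int];
        struct parse_outcome u = parse_fields(count, elem_size, 0);
        struct parse_outcome c = parse_fields(count, elem_size, 1);
        if (c.result == PARSE_OVERFLOW) {
            st.overflows++;
            if (u.result == PARSE_OK) st.silent++;
        }
    }
    return st;
}

int main(void) {
    struct parse_outcome u = parse_fields(0x10000u, 0x10000u, 0);
    struct parse_outcome c = parse_fields(0x10000u, 0x10000u, 1);
    printf("0x10000 * 0x10000: unchecked result=%d claims %u bytes; checked result=%d\n",
           (int)u.result, u.bytes_claimed, (int)c.result);
    struct fuzz_stats st = fuzz_header(2000, 0x1234u);
    printf("fuzz: %u overflows caught, %u silently accepted by the unchecked parser\n",
           st.overflows, st.silent);
    return 0;
}
```

    Compile with any C99 compiler and run it. The header 0x10000 x 0x10000 is the classic case: the product is exactly 2^32, wraps to 0, and the unchecked parser accepts the document as a zero-byte payload even though it promises 65536 records; the checked parser refuses it. The fuzz tally shows that a handful of boundary values in two fields is enough to hit such wraps repeatedly, which is why a crash found this way is the start of the analysis rather than the end of it.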
  • by CyberSlugGump ( 609485 ) on Friday April 13, 2007 @05:00PM (#18724461)

    Wow. I thought this was a joke; but I just tried this on Windows XP, and it really happens as the poster describes.
  • by VGPowerlord ( 621254 ) on Friday April 13, 2007 @05:24PM (#18724787)
    Actually, I can think of two new features it's gotten since Windows for Workgroups:
    1. The ability to open files larger than 64KB... I'm not kidding, try it.
    2. The ability to save and display files in UTF-8 and UCS-2/UTF-16.

    A bug in the API that the latter uses is actually part of the problem the grandparent mentioned.

    Of course, no one should use Notepad for doing anything useful... As a program, it does even less than its predecessor, MS-DOS's Edit.
  • by Taagehornet ( 984739 ) on Friday April 13, 2007 @05:37PM (#18724977)
    While perhaps producing some rather amusing results, this is an unfortunate but unavoidable consequence of Notepad having to support a variety of encodings of text files.

    It's not really news though, and I doubt Hugh Thompson deserves any credit, Raymond Chen explained why things behave like this back in 2004 [msdn.com].
  • by Anonymous Coward on Saturday April 14, 2007 @12:21AM (#18728501)
    You could always just use Edit->Paste Special... in Word, then choose "Unformatted Text"...

    But yeah, if you like copying and pasting twice, that works too.
