Word 2007 Flaws Are Features, Not Bugs
PetManimal writes "Mati Aharoni's discovery of three flaws in Word using a fuzzer (screenshots) has been discounted by Microsoft, which claims that the crashes and malformed Word documents are a feature of Word, not a bug. Microsoft's Security Response Center is also refusing to classify the flaws as security problems. According to Microsoft developer David LeBlanc, crashes aren't necessarily DoS situations: 'You may rightfully say that crashing is always bad, and having a server-class app background, I agree. Crashing means you made a mistake, bad programmer, no biscuit. However, crashing may be the lesser of the evils in many places. In the event that our apps crash, we have recovery mechanisms, ways to report the crash so we know what function had the problem, and so on. I really take issue with those who would characterize a client-side crash as a denial of service.' Computerworld's Frank Hayes responds to LeBlanc and questions Microsoft's logic."
Re:Let's just get this out of the way then... (Score:5, Informative)
"a tool that probes an application for vulnerabilities by sending random input"
This is known as an appositive phrase.
Re:Let's just get this out of the way then... (Score:3, Informative)
"Fuzz testing or fuzzing is a software testing technique that provides random data ("fuzz") to the inputs of a program. If the program fails (for example, by crashing, or by failing built-in code assertions), the defects can be noted."
To be pedantic for a moment... (Score:3, Informative)
Re:Let me see... (Score:5, Informative)
Sorry, I don't buy it. The only way that is a valid expectation is if you explicitly tell it to crash when it gets malformed data, which is offensive and stupid. The proper thing to do is to tell it to alert the user if there is malformed data, and then clean up and get ready to parse another document.
Crashing is definitely a sign that something bad is happening. Traditionally, when an app crashes because of an invalid document, it's writing to some memory it shouldn't be. This is a sign of lazy or stupid programmers not doing proper checking of the input.
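To make two of the points in this thread concrete (the quoted definition of fuzzing, and the parent's argument that a parser should report malformed data, clean up and carry on rather than crash), here is an added example that is not code from any poster, from Microsoft or from Mati Aharoni's tool. It assumes a tiny constructed document format (magic `TDOC`, a record count, then length-prefixed records each followed by a zero terminator), a parser that trusts the length fields, a bounds-checked parser that rejects bad input with a dedicated exception, and a mutation fuzzer that classifies every outcome as accepted, cleanly rejected, or crashed. In Python the trusting parser fails with an uncaught `IndexError` or `struct.error` instead of the out-of-bounds memory access the parent describes, but the harness applies the same rule a fuzzer does: anything other than the documented rejection path counts as a crash.

```python
import random
import struct

# Constructed toy format for this example only (not Word's file format):
#   b"TDOC" | u16 record count | per record: u16 length | payload | 0x00 terminator
MAGIC = b"TDOC"


class MalformedDocument(ValueError):
    """The documented way to reject bad input: the caller reports it and moves on."""


def build_document(records):
    """Serialise a list of payloads into the toy format (used to build the seed corpus)."""
    body = b"".join(struct.pack("<H", len(r)) + r + b"\x00" for r in records)
    return MAGIC + struct.pack("<H", len(records)) + body


def parse_document_naive(data):
    """Trusts the length fields; a lying length makes it read past the end of the buffer."""
    (count,) = struct.unpack_from("<H", data, 4)  # no header or size check
    offset, records = 6, []
    for _ in range(count):
        (length,) = struct.unpack_from("<H", data, offset)
        offset += 2
        records.append(data[offset:offset + length])
        offset += length
        if data[offset] != 0:  # indexes beyond the buffer when length is wrong
            raise MalformedDocument("missing record terminator")
        offset += 1
    return records


def parse_document_safe(data):
    """Checks every offset before using it; all malformed input raises MalformedDocument."""
    if len(data) < 6 or data[:4] != MAGIC:
        raise MalformedDocument("bad header")
    (count,) = struct.unpack_from("<H", data, 4)
    offset, records = 6, []
    for i in range(count):
        if offset + 2 > len(data):
            raise MalformedDocument(f"record {i}: truncated length field")
        (length,) = struct.unpack_from("<H", data, offset)
        offset += 2
        if offset + length >= len(data):  # payload plus terminator must fit
            raise MalformedDocument(f"record {i}: length {length} exceeds buffer")
        records.append(data[offset:offset + length])
        offset += length
        if data[offset] != 0:
            raise MalformedDocument(f"record {i}: missing terminator")
        offset += 1
    if offset != len(data):
        raise MalformedDocument(f"{len(data) - offset} trailing bytes")
    return records


def mutate(doc, rng):
    """One random mutation of the seed: bit flip, extreme byte, truncation or insertion."""
    buf = bytearray(doc)
    choice = rng.randrange(4)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    elif choice == 2 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        i = rng.randrange(len(buf) + 1)
        buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fuzz(parser, seed_doc, iterations=1000, seed=0):
    """Feed mutated inputs to parser; return outcome counts and a few crashing samples."""
    rng = random.Random(seed)
    stats = {"ok": 0, "rejected": 0, "crash": 0}
    crashes = []
    for _ in range(iterations):
        sample = mutate(seed_doc, rng)
        try:
            parser(sample)
            stats["ok"] += 1
        except MalformedDocument:
            stats["rejected"] += 1  # handled: the parser told us and is ready for more
        except Exception as exc:  # anything else is the "crash" a fuzzer is looking for
            stats["crash"] += 1
            if len(crashes) < 3:
                crashes.append((type(exc).__name__, sample))
    return stats, crashes


SEED_DOC = build_document([b"hello", b"world"])  # constructed seed corpus

if __name__ == "__main__":
    for parser in (parse_document_naive, parse_document_safe):
        stats, crashes = fuzz(parser, SEED_DOC, seed=1)
        print(parser.__name__, stats)
        for name, sample in crashes:
            print("  ", name, sample.hex())
```

Run as a script it prints the outcome counts for both parsers; the bounds-checked one only ever produces accepted or rejected inputs, while the trusting one produces crashing samples that a real fuzzer would save for triage. The same classification is what separates "invalid document reported to the user" from the crash-on-malformed-input behaviour the story is about.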
How Long Before... (Score:3, Informative)
To me DoS'ing a client-side app like Word is an annoyance, but I would expect to see exploit code coming that does do code execution or privilege escalation of some sort and then MS will patch it on Tuesday just like they've been doing for years...
RTFA - not just Word crashing (Score:5, Informative)
Actually, according to the Computerworld article, two of the bugs discovered will peg the processor at 100 percent, forcing a cold reboot that potentially will do a lot more damage than just corrupting your Word documents. Whatever your philosophy otherwise, that really is a denial of service.
Re:Let's just get this out of the way then... (Score:4, Informative)
An appositional phrase, a phrase that clarifies meaning, is a fancy way of saying "redundant".
Re:I guess it is an attitude problem. (Score:4, Informative)
To quote Para. 16 of the Windows XP Home EULA:
Seems pretty much the case to me.
Don't even try the "Click throughs not legally binding!". It doesn't need to be binding for this - but to claim they don't sell software AS IS is an absolute fallacy, trivially demonstrable.
Re:Let me see... (Score:3, Informative)
How would you feel if you opened a word document, which you received in an e-mail from a co-worker, that then crashed Word and made you lose some important work you had just been entering?
Re:We work on data driven apps (police RMS) (Score:2, Informative)
Now, someone could intentionally create a corrupt document that causes integer-overflow, which would cause the exception and crash, but real documents won't cause that behavior (notwithstanding other possible bugs).
Re:I don't see the problem (Score:3, Informative)
Wow. I thought this was a joke; but I just tried this on Windows XP, and it really happens as the poster describes.
Re:I don't see the problem (Score:3, Informative)
1. The ability to open files larger than 64KB... I'm not kidding, try it.
2. The ability to save and display files in UTF-8 and UCS-2/UTF-16.
A bug in the API that the latter uses is actually part of the problem the grandparent mentioned.
Of course, no one should use Notepad for doing anything useful... As a program, it does even less than its predecessor, MS-DOS's Edit.
In case you want to know why this happens (Score:3, Informative)
It's not really news though, and I doubt Hugh Thompson deserves any credit; Raymond Chen explained why things behave like this back in 2004 [msdn.com].
Re:I don't see the problem (Score:1, Informative)
But yeah, if you like copying and pasting twice, that works too.