Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Y3K problems ? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Y3K problems ?
I almost had a déjà-vu moment when I read: CVE-2007-0842
So time handling functions in Visual C++ 8.0 can't go beyond Jan 1st 3000, didn't the industry learn almost a decade ago that dates move on and building any arbitrary limit is a bad idea(tm).

To add injury to the insult it's not that it returns something indicating it can't handle a date that far in the future, but just throws up an exception and terminates the application, causing opportunity for causing a DoS.

--
Swa Frantzen -- NET2S.com
Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!