Defense in depth — the Microsoft way (part 21): errors/inconsistencies in Windows registry data may lead to buffer overflows or use of random data

Posted by Stefan Kanthak on Nov 26

Hi @ll,

according to <https://msdn.microsoft.com/en-us/library/ms724884.aspx>
the value data for REG_SZ and REG_EXPAND_SZ must be

| A null-terminated string…

and the value data for REG_MULTI_SZ must be

| A sequence of null-terminated strings, terminated by an empty string (\0).

The registry hives delivered with ALL versions of Windows, however, contain
entries with improper/invalid value data which does not satisfy the
data type…
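A defensive check for the two layouts quoted above, as an added example that is not part of the original post: it validates raw value data before any code treats it as a terminated string. The names `check_reg_string` and `regstr_status` are hypothetical, and the data is assumed to be UTF-16LE as returned by the Unicode registry functions; the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Registry value type codes as defined in winnt.h. */
#define REG_SZ        1u
#define REG_EXPAND_SZ 2u
#define REG_MULTI_SZ  7u

typedef enum {
    REGSTR_OK = 0,
    REGSTR_ODD_SIZE,        /* byte count is not a multiple of 2 */
    REGSTR_UNTERMINATED,    /* last code unit is not NUL, or data is empty */
    REGSTR_TRAILING_DATA,   /* REG_SZ: code units follow the first NUL */
    REGSTR_NO_EMPTY_STRING, /* REG_MULTI_SZ: final empty string missing */
    REGSTR_NOT_A_STRING     /* type is not one of the three string types */
} regstr_status;

/* Constructed sample data (UTF-16LE), not taken from any real hive. */
const uint8_t sample_bad_sz[]     = { 'a',0, 'b',0 };               /* "ab", no NUL */
const uint8_t sample_good_sz[]    = { 'a',0, 'b',0, 0,0 };          /* "ab\0"       */
const uint8_t sample_bad_multi[]  = { 'a',0, 0,0, 'b',0, 0,0 };     /* "a\0b\0"     */
const uint8_t sample_good_multi[] = { 'a',0, 0,0, 'b',0, 0,0, 0,0 };/* "a\0b\0\0"   */

/* Read UTF-16LE code unit i without assuming buffer alignment. */
static uint16_t unit_at(const uint8_t *d, size_t i)
{
    return (uint16_t)(d[2 * i] | (d[2 * i + 1] << 8));
}

/* Validate cb bytes of value data against the documented layout of its type. */
regstr_status check_reg_string(uint32_t type, const uint8_t *data, size_t cb)
{
    if (type != REG_SZ && type != REG_EXPAND_SZ && type != REG_MULTI_SZ)
        return REGSTR_NOT_A_STRING;
    if (cb % 2 != 0)
        return REGSTR_ODD_SIZE;
    size_t n = cb / 2;                        /* length in code units */
    if (n == 0 || unit_at(data, n - 1) != 0)
        return REGSTR_UNTERMINATED;
    if (type == REG_MULTI_SZ) {
        /* A sole NUL is zero strings plus the final empty string. */
        if (n > 1 && unit_at(data, n - 2) != 0)
            return REGSTR_NO_EMPTY_STRING;
        return REGSTR_OK;
    }
    for (size_t i = 0; i + 1 < n; i++)        /* stricter than "terminated" */
        if (unit_at(data, i) == 0)
            return REGSTR_TRAILING_DATA;
    return REGSTR_OK;
}
```

Any status other than `REGSTR_OK` means the buffer must be handled by its byte count only, never by string functions that scan for a terminator.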
