the Win32 messaging API, the foundation of Windows, is inherently insecure:
- textboxes can be instructed to remove attributes, such as length limits for incoming data (EM_SETLIMITTEXT)
- a paste action can be triggered (WM_PASTE)
- an application can be instructed to jump to a given location in memory (WM_TIMER) – and the best thing is, the application can do nothing about it
Once again, it’s clear the Windows dev team chose a totally unnecessary degree of flexibility over security. Great paper. (via /.)