Format String vulnerability patch ?
Sorry if this has been covered previously, but is there a patch
either available or forthcoming for the Format String bug
in OllyDbg published by SecurityTeam last month?
Thanks.
-gm
1bitshort
09-02-2004, 08:12 PM
I'm not aware of any patches (yet). A patch should work, but the only problem is that malware can easily undo the patch if it knows about it. The only proper solution is for Oleh to add a string handler before parsing anything to OutputDebugString, but I guess we'll have to wait for OllyDbg v2 for that.
I don't see it as a huge threat though ... press F9 to run the program and code will execute - you don't need to feed junk through OutputDebugString to accomplish that.
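An added example, not part of the thread and not OllyDbg code: one way a debugger-side handler can keep a debuggee-supplied debug string from being interpreted as a format string. `log_line`, `escape_format` and both handler names are hypothetical, and the sample input in the test is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a log routine that takes a printf-style format. */
static int log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Copy src to dst, doubling every '%' so the result has no live conversion
   specifiers if a later sink uses it as a format. Returns 0 on success,
   -1 if dst is too small (dst is then empty, never a half-escaped string). */
static int escape_format(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (o + need >= dstlen) { dst[0] = '\0'; return -1; }
        if (*src == '%') dst[o++] = '%';
        dst[o++] = *src;
    }
    dst[o] = '\0';
    return 0;
}

/* Preferred: constant format, untrusted text passed only as an argument. */
static int handle_debug_string(char *out, size_t outlen, const char *untrusted)
{
    return log_line(out, outlen, "%s", untrusted);
}

/* For sinks that insist on receiving a format: neutralise the text first. */
static int handle_debug_string_escaped(char *out, size_t outlen,
                                       const char *untrusted)
{
    char esc[512];
    if (escape_format(esc, sizeof esc, untrusted) != 0)
        return log_line(out, outlen, "%s", "<debug string too long>");
    return log_line(out, outlen, esc);
}
```

Both handlers print the debuggee's text literally; the escaped variant fails closed with a fixed message when the input does not fit its buffer.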
> press F9 to run the program and code will execute - you don't need to feed
> junk through OutputDebugString to accomplish that.
Good point. Tx.
-gm