It is pretty shocking that @Microsoft ‘s answer is to disable inline asm inside lambdas rather than actually fix the compiler incorrect code. They are essentially hiding an existing vulnerability hoping that there are no other ways to trigger it. Pretty I rresponsible.
-
-
-
It's not a vulnerability, it's not irresponsible. Inline assembly is very much an implementation-specific feature, and it makes perfect sense to limit its use in complex situations (e.g. lambdas). For example, what does it even mean to reference a captured var from inline asm?
- 1 more reply
New conversation -
-
-
Wow, zdi used to be super selective for bugs. Honestly you could probably pwn just as many people by simply embedding a payload in inline assembly.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.