Shoot the Messenger - Using Window Messages to Exploit Local win32 Applications

Presented at DEF CON 12 (2004), July 31, 2004, noon (50 minutes)

The windows GDI interface uses messages to pass input and events to windows. As there is currently no way of determining who the sender of the message is, it is possible for a low privileged application to send messages to and interact with a process of higher privilege.


  • Brett Moore - CTO,
    Brett Moore leads the security research and network intrusion teams at He has been credited with the discovery of multiple security vulnerabilities in both private and public software vendors' products including Microsoft web products.


Similar Presentations: