ferlatte. 12 days ago.

The Second Life updater just downloaded the updater.exe from the website and ran it with no validation. One day, that returned a 404.

Cool thing about Win32: if you try to run an EXE, Windows checks to see if it's a valid format (PE). If it's not, it assumes that it's a COM: 16 bit x86 instructions, no header, no validation.

The 404 page, when interpreted as x86 bytecode, effectively opened the LPT DOS device and wrote garbage into it.

Windows would map that into your actual printer driver in some cases if you had a printer connected directly to your computer. Cheap inkjet printers don't do any validation, so they would freak out, spew paper, and in one case, physically break.

Sign in to participate in the conversation

masto instance for the tildeverse