> Ok, according to the responsible company:
> "CLSID [...] refer[s] to a 128-bit integer with a low statistical
> likelihood of being duplicated so that it can be used as a unique
> identifier across computers and networks. Typically, this identifier is
> represented either as a 16-member array of bytes or as a specially
> formatted string of hexadecimal digits (where the characters a-f, or A-F,
> represent the decimal numbers 10-15). This string representation consists
> of either 32 contiguous hexadecimal digits or of groups of 8, 4, 4, 4, and
> 12 hexadecimal digits, separated by hyphens. The hyphenated string
> representation optionally can be enclosed in parentheses or braces ({})."
> -- http://msdn2.microsoft.com/en-us/microsoft.aspnet.snapin.clsid.aspx
>
> So I guess we need sth. like
> \{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}

The question here is not what is a valid CLSID, but what syntax does MS
software interpret as a CLSID. I remember reading some discussion about it
when the CLSID exploitability became popular, but can't find it now (perhaps
it was in "Bypassing content filtering whitepaper", or similar).

I think MS is quite tolerant, e.g. to a missing trailing '}' and other
anomalies, which made me relax the regexp - probably too much. Can someone
find more info on the topic?

Mark
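
An added example, not part of the original thread and not the filter's own code: a normalizing matcher that accepts the string forms listed in the quoted MSDN text, compared with the strict regexp from the quoted message. The sample strings, the denylist entry and the function names are constructed; accepting a missing closing delimiter models the tolerance recalled in the reply and is an assumption, not verified behaviour.

```python
import re

# Strict pattern proposed in the quoted message: braces required, lowercase only.
STRICT = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")

# Forms listed in the quoted MSDN text: 32 contiguous hex digits, or 8-4-4-4-12
# groups optionally wrapped in () or {}. The closing delimiter is optional only
# to model the tolerance recalled in the reply (an assumption, not verified).
TOLERANT = re.compile(
    r"""(?<![0-9a-f])
        (?: [({]? (?P<hyph>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}) [)}]?
          | (?P<flat>[0-9a-f]{32}) )
        (?![0-9a-f])""",
    re.IGNORECASE | re.VERBOSE,
)

def find_clsids(text):
    """Return every CLSID-like token in canonical lowercase 8-4-4-4-12 form."""
    found = []
    for m in TOLERANT.finditer(text):
        d = (m.group("hyph") or m.group("flat")).replace("-", "").lower()
        found.append("-".join((d[:8], d[8:12], d[12:16], d[16:20], d[20:])))
    return found

def is_blocked(text, denylist):
    """True if any normalized CLSID in text is on the (canonical-form) denylist."""
    return any(c in denylist for c in find_clsids(text))

# Constructed sample value and spellings; not a real component's CLSID.
DENYLIST = {"01234567-89ab-cdef-0123-456789abcdef"}
SAMPLES = [
    "clsid:{01234567-89ab-cdef-0123-456789abcdef}",   # form the strict regex expects
    "clsid:{01234567-89AB-CDEF-0123-456789ABCDEF}",   # upper-case hex digits
    "clsid:(01234567-89ab-cdef-0123-456789abcdef)",   # parentheses
    "clsid:0123456789abcdef0123456789abcdef",         # 32 contiguous digits
    "clsid:{01234567-89ab-cdef-0123-456789abcdef",    # missing trailing '}'
]

def compare():
    """Per sample: (strict regex matched, normalizing filter blocked)."""
    return [(bool(STRICT.search(s)), is_blocked(s, DENYLIST)) for s in SAMPLES]

if __name__ == "__main__":
    for sample, (strict, tolerant) in zip(SAMPLES, compare()):
        print(f"strict={strict!s:5} normalized={tolerant!s:5} {sample}")
```

Normalizing to one canonical spelling before the denylist lookup keeps the list itself short; the lookarounds stop a 33-digit hex run from being reported as a CLSID.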