BetaONE will rise again!


 
Prev Previous Post   Next Post Next
  #1  
Old 21st Dec 03, 12:38 AM
KingCobra's Avatar
KingCobra KingCobra is offline
Senior Member
 
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
KingCobra is on a distinguished road
Send a message via Yahoo to KingCobra
Quote:
20 December 2003
  Updated: 17:39 GMT

The third-party 'open source' patch for Internet Explorer that we told you about earlier today, contains more than a few potentially nasty surprises. As we noted, German tech site Heise had already warned of dangerous buffer overflows.

Openwares.org, a month-old site which boasts "Software is free" today published source code and a binary executable purporting to fix a loophole in Internet Explorer for Windows. It's unusual, but not unprecedented, for third parties to issue their own fixes for Microsoft's exploit-riddled browser. But Heise advises that this patch could be more trouble than it's worth, and the fix has already been taken in for some maintenance.

"This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL," according to a release note accompanying the patch

Unfortunately, the authors of the patch also enabled a Windows Registry key used by spyware. IEmsg.dll.

"Wow, this was a truly poor attempt at a fix. Buffer overflows, memory leaks, and a nice liveupdate.exe hidden in the registry. I thought proprietary Microsoft software was bad!" writes one poster.
More Story -
Code:
http://www.theregister.com/content/55/34618.html
__________________
Reply With Quote
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Speed up system. greasemonkey Hardware Support 6 6th Nov 01 08:32 PM


All times are GMT +1. The time now is 08:14 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.