BetaONE will rise again!


Reply
  #1  
Old 21st Dec 03, 12:38 AM
KingCobra's Avatar
KingCobra KingCobra is offline
Senior Member
 
Join Date: Dec 2001
Location: Illinois
Posts: 2,409
KingCobra is on a distinguished road
Send a message via Yahoo to KingCobra
Quote:
20 December 2003
  Updated: 17:39 GMT

The third-party 'open source' patch for Internet Explorer that we told you about earlier today, contains more than a few potentially nasty surprises. As we noted, German tech site Heise had already warned of dangerous buffer overflows.

Openwares.org, a month-old site which boasts "Software is free" today published source code and a binary executable purporting to fix a loophole in Internet Explorer for Windows. It's unusual, but not unprecedented, for third parties to issue their own fixes for Microsoft's exploit-riddled browser. But Heise advises that this patch could be more trouble than it's worth, and the fix has already been taken in for some maintenance.

"This patch addresses a vulnerability in Microsoft Internet Explorer that could allow Hackers and con-artists to to display a fake URL in the address and status bars. The vulnerability is caused due to an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in an URL," according to a release note accompanying the patch

Unfortunately, the authors of the patch also enabled a Windows Registry key used by spyware. IEmsg.dll.

"Wow, this was a truly poor attempt at a fix. Buffer overflows, memory leaks, and a nice liveupdate.exe hidden in the registry. I thought proprietary Microsoft software was bad!" writes one poster.
More Story -
Code:
http://www.theregister.com/content/55/34618.html
__________________
Reply With Quote
  #2  
Old 21st Dec 03, 06:23 AM
war59312 war59312 is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: U.S.A
Posts: 2,220
war59312 has disabled reputation
Send a message via ICQ to war59312 Send a message via AIM to war59312 Send a message via MSN to war59312 Send a message via Yahoo to war59312
Yea its a pos. Been deleted and all that site to my no no list.
__________________
Ad Muncher Usage Statistics for v4.7 Build 27105/1624
Adverts removed by Ad Muncher: 1,601,933
Approximate bandwidth saved: 12,515 MB
Counter started: April 2, 2003

Download: http://war59312.admuncher.com/download.shtml
Reply With Quote
  #3  
Old 24th Dec 03, 08:38 AM
DigitalSteel's Avatar
DigitalSteel DigitalSteel is offline
Senior Member
 
Join Date: Jul 2001
Posts: 190
DigitalSteel
now thats take crap to a whole new level
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Speed up system. greasemonkey Hardware Support 6 6th Nov 01 08:32 PM


All times are GMT +1. The time now is 06:50 AM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.