Full Disclosure mailing list archives
Openware.org IE Fix - Warning
From: Thierry <Thierry () Sniff-em com>
Date: Fri, 19 Dec 2003 13:25:48 +0100
According to Heise (http://www.heise.de/newsticker/data/dab-19.12.03-002/) The Openware.org IE fix introduces new flaws : - The buffer to copy URL's is limited to 256 bytes - Larger strings produce a buffer overflow, with possibility to overwrite the stack. BoF Test : http://www.heise.de/security/dienste/browsercheck/demos/ie/e5_18.shtml (at the bottom, link entitled "TEST DES PATCHES") -- Best regards, Thierry mailto:Thierry () Sniff-em com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Openware.org IE Fix - Warning Thierry (Dec 19)
- Re: Openware.org IE Fix - Warning petard (Dec 19)
- Re: Openware.org IE Fix - Warning Erik van Straten (Dec 19)
- Re[2]: Openware.org IE Fix - Warning phased (Dec 19)
- Re: Openware.org IE Fix - Warning Erik van Straten (Dec 19)
- <Possible follow-ups>
- Re: Openware.org IE Fix - Warning Aaron Horst (Dec 19)
- Re: Openware.org IE Fix - Warning petard (Dec 19)