Full Disclosure mailing list archives
hlink.dll: is IE affected?
From: Paul Szabo <psz () maths usyd edu au>
Date: Sun, 25 Jun 2006 20:01:41 +1000
MSRC says in http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx : this is actually a vulnerability in hlink.dll which is a Windows component so has much wider exposure than just Excel, as identified also e.g. in http://www.auscert.org.au/6421 http://www.kb.cert.org/vuls/id/394444 I had thought that hlink.dll was an IE component. So I wonder: is IE affected? A simple test seems to suggest IE refuses to recognize <a href="AAA... 4kbytes or over ...AAA"> as a clickable link. Does this mean that the "buffer overflow protection" was mistakenly built into IE, instead of the library? Could there be instances where IE calls hlink without a sanity-check? What other software (besides Office and IE) uses hlink? Cheers, Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- hlink.dll: is IE affected? Paul Szabo (Jun 25)