The Register® — Biting the hand that feeds IT

Researcher releases unofficial IE fix for URI bug

Alan Donaly

I just noticed something 

Black Helicopters

Nothing to do with this story, I don't guess, but when I ran my mouse over the MS ad the title read "gratuitous monkey skull", which is the alt/title from my own site's bottom graphic, and I haven't gone there this session. Firefox maybe needs some work, or perhaps it's a feature.

Anonymous Coward

I noticed something even more interesting... 

Stop

The source code for this patch reveals it to have what as far as I can tell is a serious and very likely exploitable heap buffer overflow. I'll be posting a longer analysis later when I've had a chance to polish it up, but the underlying bug, in case anyone wants to take a look for themselves, is in an algorithmic error: the author repeatedly tries to convert the count of WCHARs in a string into a size in bytes by dividing by the size of a WCHAR instead of multiplying it, which produces a result that is only a quarter of what it should be. Check the way cbPrefix is miscalculated and then used later to size a heap buffer that is LocalAlloc'd and, I'm fairly sure, the reassembled URL gets written right over the end of this buffer and into trailing heap space.
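The count-to-bytes mistake described in the comment above, shown beside a checked conversion. This is an added example, not part of the original post and not the patch's source. All function names are hypothetical, `WCHAR16` is an assumed 2-byte stand-in for the Windows `WCHAR`, and `malloc` stands in for `LocalAlloc`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR16; /* stand-in for the 2-byte Windows WCHAR (assumption) */

/* Flawed conversion as the comment describes it: divides instead of multiplying. */
size_t cb_from_cch_flawed(size_t cch) { return cch / sizeof(WCHAR16); }

/* Correct conversion; returns -1 if cch * sizeof(WCHAR16) would overflow. */
int cb_from_cch(size_t cch, size_t *cb)
{
    if (cch > SIZE_MAX / sizeof(WCHAR16))
        return -1;
    *cb = cch * sizeof(WCHAR16);
    return 0;
}

/* Bytes a copy of cch units would write past a buffer of cb_alloc bytes. */
size_t bytes_past_end(size_t cch, size_t cb_alloc)
{
    size_t need;
    if (cb_from_cch(cch, &need) != 0)
        return SIZE_MAX;
    return need > cb_alloc ? need - cb_alloc : 0;
}

/* Hardened copy: sizes the buffer for cch units plus a terminator. */
WCHAR16 *dup_prefix(const WCHAR16 *src, size_t cch)
{
    size_t cb;
    WCHAR16 *dst;
    if (cch == SIZE_MAX || cb_from_cch(cch + 1, &cb) != 0)
        return NULL;
    if ((dst = malloc(cb)) == NULL)
        return NULL;
    memcpy(dst, src, cch * sizeof(WCHAR16));
    dst[cch] = 0;
    return dst;
}

int main(void)
{
    size_t cch = 8; /* constructed sample: a string of 8 two-byte units */
    printf("flawed=%zu bytes, overrun=%zu bytes\n", cb_from_cch_flawed(cch),
           bytes_past_end(cch, cb_from_cch_flawed(cch)));
    return 0;
}
```

For the constructed 8-unit string the flawed size is a quarter of the correct one, which is the ratio the comment gives.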

Dave

wow! AC - icon choice ;-) 

Alert

Your post is surely a 'may contain highly-technical content that leads to 95% of readership head explosions'.

Notwithstanding, please do your further analysis and post findings soonest.

I do not often tout/support M$, or their ivory tower lofty opinions and self-opinions, but flaw-finding in unofficial patches is:

a) worthy and to be respected, even though it

b) supports M$ 'party line' against installation of such patches

Chris Clawson

Vista? 

What's the take on Vista? That part of the story seems to have been cut off.

Morely Dotes

What about Schmidt? Er, I mean, Vista? 

Coat

"Redmond's planned patch, whose release date remains unclear, is targeted at Windows Server 2003 and Windows XP with Internet Explorer 7 installed. Vista "

What about Vista? Perhaps the rest of the sentence would go something along the lines of, "Vista is not so much an Operating System, as a chocolate teapot, and since it can't be reasonably expected to do anything useful, may safely be ignored when applying Operating System patches."

Ian Emery

IE 7 ?? PAH !!!! 

Gates Horns

I can't even install the LAST security update; every time I have done so, my PC won't start on reboot and I have to revert to "Last Known Good Configuration".

Lucky I use Firefox for everything except Windows Update which, despite M$ claims to the contrary, WON'T work with anything other than IE.