Feeds

back to article Researcher releases unofficial IE fix for URI bug

A security researcher has beaten Microsoft to the punch with the release of an unofficial patch for an Internet Explorer 7 bug. The unofficial update targets a Universal Resource Identifier (URI) vulnerability that Microsoft acknowledged last week, after months of maintaining that the flaw stemmed from the security shortcomings …

COMMENTS

This topic is closed for new posts.
Black Helicopters

I just noticed something

Nothing to do with this story i don't guess but when I ran my mouse over the ms ad the title read "gratuitous monkey skull" which is the alt/title from my own sites bottom graphic and I haven't gone there this session fire fox maybe needs some work or perhaps it's a feature.

0
0
Stop

I noticed something even more interesting...

The source code for this patch reveals it to have what as far as I can tell is a serious and very likely exploitable heap buffer overflow. I'll be posting a longer analysis later when I've had a chance to polish it up, but the underlying bug, in case anyone wants to take a look for themselves is in an algorithmic error: the author repeatedly tries to convert the count of WCHARs in a string into a size in bytes by dividing by the size of a WCHAR instead of multiplying it, which produces a result that is only a quarter of what it should be. Check the way cbPrefix is miscalculated and then used later to size a heap buffer that is LocalAlloc'd and, I'm fairly sure, the reassembled url gets written right over the end of this buffer and into trailing heap space.

0
0
Alert

wow! AC - icon choice ;-)

Your post is surely a 'may contain highly-techinical content that leads to 95% of readership head explosions'

Notwithstanding, please do your further analysis and post findings soonest

I do not often tout/support M$, or their ivory tower lofty opinions and self-opinions, but flaw-finding in unofficial patches is:

a) worthy and to be respected, even though it

b) supports M$ 'party line' against installation of sauch patches

0
0

Vista?

What's the take on Vista? That part of the story seems to have been cut off.

0
0
Coat

What about Schmidt? Er, I mean, Vista?

"Redmond's planned patch, whose release date remains unclear, is targeted at Windows Server 2003 and Windows XP with Internet Explorer 7 installed. Vista "

What about Vista? Perhaps the rest of the sentence would go something along the lines of, "Vista is not so much an Operating System, as a chocolate teapot, and since it can't be reasonably expected to do anything useful, may safely be ignored when applying Operating System patches."

0
0
Bronze badge
Gates Horns

IE 7 ?? PAH !!!!

I cant even install the LAST security update; every time I have done so, my PC wont start on reboot and I have to revert to "Last Known Good Configuration".

Lucky I use Firefox for everything except Windows Update which, despite M$ claims to the contrary WONT work with anything other than IE

0
0
This topic is closed for new posts.