A security researcher has beaten Microsoft to the punch with the release of an unofficial patch for an Internet Explorer 7 bug. The unofficial update targets a Universal Resource Identifier (URI) vulnerability that Microsoft acknowledged last week, after months of maintaining that the flaw stemmed from the security shortcomings …
I just noticed something
Nothing to do with this story, I don't guess, but when I ran my mouse over the MS ad the title read "gratuitous monkey skull", which is the alt/title from my own site's bottom graphic, and I haven't gone there this session. Firefox maybe needs some work, or perhaps it's a feature.
I noticed something even more interesting...
The source code for this patch reveals it to have what, as far as I can tell, is a serious and very likely exploitable heap buffer overflow. I'll be posting a longer analysis later when I've had a chance to polish it up, but the underlying bug, in case anyone wants to take a look for themselves, is an algorithmic error: the author repeatedly tries to convert the count of WCHARs in a string into a size in bytes by dividing by the size of a WCHAR instead of multiplying by it, which produces a result that is only a quarter of what it should be. Check the way cbPrefix is miscalculated and then used later to size a heap buffer that is LocalAlloc'd and, I'm fairly sure, the reassembled URL gets written right over the end of this buffer and into trailing heap space.
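An added illustration of the bug class described in the comment above; it is not the patch's source and not part of the comment. It puts the divided size calculation beside a checked one and a reassembly routine that sizes its buffer correctly. Only `cbPrefix` is a name from the thread; `WCHAR16`, the function names and the use of `malloc` in place of `LocalAlloc` are assumptions made so the example builds on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCHAR16; /* assumption: stand-in for the 2-byte Windows WCHAR */

/* The size calculation as the comment describes it: divide instead of multiply. */
size_t cb_divided(size_t cch) { return cch / sizeof(WCHAR16); }

/* Correct count-to-bytes conversion; returns -1 if the product would wrap. */
int cb_checked(size_t cch, size_t *cb) {
    if (cch > SIZE_MAX / sizeof(WCHAR16)) return -1;
    *cb = cch * sizeof(WCHAR16);
    return 0;
}

/* Bytes a copy of cch characters would land beyond a cbAlloc-byte buffer
   (cch is assumed small enough that the byte count itself does not wrap). */
size_t overrun_bytes(size_t cch, size_t cbAlloc) {
    size_t need = cch * sizeof(WCHAR16);
    return need > cbAlloc ? need - cbAlloc : 0;
}

/* Hardened reassembly: the buffer is sized in bytes from the checked total
   character count (plus terminator) before anything is copied.
   malloc stands in for LocalAlloc so the example builds anywhere. */
WCHAR16 *join_url(const WCHAR16 *prefix, size_t cchPrefix,
                  const WCHAR16 *rest, size_t cchRest) {
    size_t cb;
    if (cchRest >= SIZE_MAX - cchPrefix) return NULL;      /* sum would wrap */
    if (cb_checked(cchPrefix + cchRest + 1, &cb) != 0) return NULL;
    WCHAR16 *out = malloc(cb);
    if (out == NULL) return NULL;
    memcpy(out, prefix, cchPrefix * sizeof(WCHAR16));
    memcpy(out + cchPrefix, rest, cchRest * sizeof(WCHAR16));
    out[cchPrefix + cchRest] = 0;
    return out;
}

int main(void) {
    size_t cch = 8, cb = 0;  /* constructed: an 8-character prefix */
    cb_checked(cch, &cb);
    printf("divided: %zu bytes, correct: %zu bytes, overrun: %zu bytes\n",
           cb_divided(cch), cb, overrun_bytes(cch, cb_divided(cch)));
    return 0;
}
```

With 2-byte characters the divided size is cch/2 bytes where cch*2 are needed, which is the "quarter" the comment refers to.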
wow! AC - icon choice ;-)
Your post is surely a 'may contain highly technical content that leads to 95% of readership head explosions'
Notwithstanding, please do your further analysis and post findings soonest
I do not often tout/support M$, or their ivory tower lofty opinions and self-opinions, but flaw-finding in unofficial patches is:
a) worthy and to be respected, even though it
b) supports M$ 'party line' against installation of such patches
What's the take on Vista? That part of the story seems to have been cut off.
What about Schmidt? Er, I mean, Vista?
"Redmond's planned patch, whose release date remains unclear, is targeted at Windows Server 2003 and Windows XP with Internet Explorer 7 installed. Vista "
What about Vista? Perhaps the rest of the sentence would go something along the lines of, "Vista is not so much an Operating System, as a chocolate teapot, and since it can't be reasonably expected to do anything useful, may safely be ignored when applying Operating System patches."
IE 7 ?? PAH !!!!
I can't even install the LAST security update; every time I have done so, my PC won't start on reboot and I have to revert to "Last Known Good Configuration".
Lucky I use Firefox for everything except Windows Update which, despite M$ claims to the contrary, WON'T work with anything other than IE.