[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Openware.org IE Fix - Warning

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] Openware.org IE Fix - Warning
From: Thierry <Thierry@Sniff-em.com>
Date: Fri, 19 Dec 2003 13:25:48 +0100

According to Heise
(http://www.heise.de/newsticker/data/dab-19.12.03-002/)

The Openware.org IE fix introduces new flaws :

- The buffer to copy URL's is limited to 256 bytes
- Larger strings produce a buffer overflow, with possibility to
  overwrite the stack.

BoF Test :
http://www.heise.de/security/dienste/browsercheck/demos/ie/e5_18.shtml
(at the bottom, link entitled "TEST DES PATCHES")

  

-- 
Best regards,
 Thierry                          mailto:Thierry@Sniff-em.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Openware.org IE Fix - Warning
  - From: petard <petard@freeshell.org>

Prev by Date: RE: [Full-Disclosure] Cert Sucks and Leaks
Next by Date: [Full-Disclosure] MDKSA-2003:118 - Updated XFree86 packages fix xdm vulnerability
Previous by thread: Re: [Full-Disclosure] Cert Sucks and Leaks
Next by thread: Re: [Full-Disclosure] Openware.org IE Fix - Warning
Index(es):
- Date
- Thread