[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Openware.org IE Fix - Warning
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] Openware.org IE Fix - Warning
- From: Thierry <Thierry@Sniff-em.com>
- Date: Fri, 19 Dec 2003 13:25:48 +0100
According to Heise
(http://www.heise.de/newsticker/data/dab-19.12.03-002/)
The Openware.org IE fix introduces new flaws :
- The buffer to copy URL's is limited to 256 bytes
- Larger strings produce a buffer overflow, with possibility to
overwrite the stack.
BoF Test :
http://www.heise.de/security/dienste/browsercheck/demos/ie/e5_18.shtml
(at the bottom, link entitled "TEST DES PATCHES")
--
Best regards,
Thierry mailto:Thierry@Sniff-em.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html