[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] hlink.dll: is IE affected?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] hlink.dll: is IE affected?
From: Paul Szabo <psz@xxxxxxxxxxxxxxxxx>
Date: Sun, 25 Jun 2006 20:01:41 +1000

MSRC says in http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx :

  this is actually a vulnerability in hlink.dll which is a Windows component

so has much wider exposure than just Excel, as identified also e.g. in

  http://www.auscert.org.au/6421
  http://www.kb.cert.org/vuls/id/394444

I had thought that hlink.dll was an IE component. So I wonder: is IE
affected? A simple test seems to suggest IE refuses to recognize

  <a href="AAA... 4kbytes or over ...AAA">

as a clickable link. Does this mean that the "buffer overflow protection"
was mistakenly built into IE, instead of the library? Could there be
instances where IE calls hlink without a sanity-check?

What other software (besides Office and IE) uses hlink?

Cheers,

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] MS Excel Remote Code Execution POC Exploit
Next by Date: [Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
Previous by thread: [Full-disclosure] Beginners guide to owning Yahoo network
Next by thread: [Full-disclosure] Windows Live Messenger 8.0 ( Contact List *.ctt ) Heap Overflow
Index(es):
- Date
- Thread