ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Microsoft Confirms Highly Critical IE Hole March 23, 2006

(1/2) > >>

mouser:
http://www.eweek.com/article2/0,1895,1941507,00.asp

official advisory: http://www.microsoft.com/technet/security/advisory/default.mspx

Microsoft Confirms 'Highly Critical' IE Hole
Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.
Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
"This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.
 
--- End quote ---




[link from slashdot.org]

allen:
Microsoft manages to put together some really awesome security holes.  It's as if they do it on purpose, they're so good at it.  They should be commended for doing what they do oh so well.

Carol Haynes:
Makes you wonder why they program in C++ ... they obviously can't handle any sort of buffers in a secure way.

mouser:
http://www.betanews.com/article/Exploit_Surfaces_for_Unpatched_IE_Flaw/1143480762

Microsoft acknowledged Friday that an exploit has surfaced in the wild to take advantage of a recently uncovered security vulnerability in Internet Explorer. The flaw puts IE users at risk of code execution simply by visiting a malicious Web site, and affects fully patched Windows XP SP2 systems.

--- End quote ---

Gerome:
Hi,
Makes you wonder why they program in C++ ... they obviously can't handle any sort of buffers in a secure way.
-Carol Haynes (March 23, 2006, 06:16 PM)
--- End quote ---

ROFL!
Hey, if there were no C/C++ developpers, I bet no windows, no Linux, no OS2, no MAcOS, no BeOS or whatever would have seen the day and we would still stuck to old amigas/amstrad/commodore and all those kinda old skool stuff, probably no internet connection also, probably not this message also... just my 2 cents...

Navigation

[0] Message Index

[#] Next page

Go to full version