Microsoft Confirms Highly Critical IE Hole March 23, 2006

[mouser]

http://www.eweek.com...,1895,1941507,00.asp

official advisory: http://www.microsoft...dvisory/default.mspx

Microsoft Confirms 'Highly Critical' IE Hole
Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.
Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
"This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.
 

[link from slashdot.org]

[allen]

Microsoft manages to put together some really awesome security holes.  It's as if they do it on purpose, they're so good at it.  They should be commended for doing what they do oh so well.

[Carol Haynes]

Makes you wonder why they program in C++ ... they obviously can't handle any sort of buffers in a secure way.

[mouser]

http://www.betanews....d_IE_Flaw/1143480762

Microsoft acknowledged Friday that an exploit has surfaced in the wild to take advantage of a recently uncovered security vulnerability in Internet Explorer. The flaw puts IE users at risk of code execution simply by visiting a malicious Web site, and affects fully patched Windows XP SP2 systems.

[Gerome]

Hi,

Makes you wonder why they program in C++ ... they obviously can't handle any sort of buffers in a secure way.

-Carol Haynes (March 23, 2006, 06:16 PM)

ROFL!
Hey, if there were no C/C++ developpers, I bet no windows, no Linux, no OS2, no MAcOS, no BeOS or whatever would have seen the day and we would still stuck to old amigas/amstrad/commodore and all those kinda old skool stuff, probably no internet connection also, probably not this message also... just my 2 cents...

[Carol Haynes]

LOL - true - but ... and it is a big but ... I didn't mean no one should program in C/C++ just MS !!

Actually a lot of the 'old time' stuff did have a lot going for it! Just imagine running decent graphics software (the orogonal Xara) and good DTP software on a system with 8Mb of memory and a 120Mb hard disc. (plus it has internet access etc). I still have the machine upstairs and it still works. I also used it as a MIDI control system. The OS was written in machine code and never crashed ... ever!

[Gerome]

Hello,

LOL - true - but ... and it is a big but ... I didn't mean no one should program in C/C++ just MS !!

Actually a lot of the 'old time' stuff did have a lot going for it! Just imagine running decent graphics software (the orogonal Xara) and good DTP software on a system with 8Mb of memory and a 120Mb hard disc. (plus it has internet access etc). I still have the machine upstairs and it still works. I also used it as a MIDI control system. The OS was written in machine code and never crashed ... ever!

-Carol Haynes (March 27, 2006, 04:45 PM)

There was a time when true developpers were really developping more interesting things rather blogging and developping marketting stuff for nutthin'
Thanks God, those developpers are still there, but they dont possess latest Intel or Amd or ... or latest CPU of the 'market', that's why we can still find many applications that are not memory greedy, but rather functional even on little computers... and even little interesting languages/tools can be found if people would take care 5 minutes... ^^