topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:05 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Microsoft Confirms Highly Critical IE Hole March 23, 2006  (Read 5262 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
http://www.eweek.com...,1895,1941507,00.asp

official advisory: http://www.microsoft...dvisory/default.mspx

Microsoft Confirms 'Highly Critical' IE Hole
Microsoft plans to release a pre-patch advisory with workarounds for a "highly critical" vulnerability that could put millions of Internet Explorer users at the mercy of malicious hackers.
Secunia said in an alert that the vulnerability is due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
"This can be exploited by a malicious Web site to corrupt memory in a way that allows the program flow to be redirected to the heap," Secunia said in the alert, warning that successful exploitation allows execution of arbitrary code whenever the target visits the rigged Web site.
 





[link from slashdot.org]

allen

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,206
    • View Profile
    • Donate to Member
Re: Microsoft Confirms Highly Critical IE Hole March 23, 2006
« Reply #1 on: March 23, 2006, 06:11 PM »
Microsoft manages to put together some really awesome security holes.  It's as if they do it on purpose, they're so good at it.  They should be commended for doing what they do oh so well.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Microsoft Confirms Highly Critical IE Hole March 23, 2006
« Reply #2 on: March 23, 2006, 06:16 PM »
Makes you wonder why they program in C++ ... they obviously can't handle any sort of buffers in a secure way.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Microsoft Confirms Highly Critical IE Hole March 23, 2006
« Reply #3 on: March 27, 2006, 12:00 PM »
http://www.betanews....d_IE_Flaw/1143480762

Microsoft acknowledged Friday that an exploit has surfaced in the wild to take advantage of a recently uncovered security vulnerability in Internet Explorer. The flaw puts IE users at risk of code execution simply by visiting a malicious Web site, and affects fully patched Windows XP SP2 systems.

Gerome

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 154
    • View Profile
    • Get my Freestyle Basic Script Language + compiler!
    • Donate to Member
Re: Microsoft Confirms Highly Critical IE Hole March 23, 2006
« Reply #4 on: March 27, 2006, 03:32 PM »
Hi,
Makes you wonder why they program in C++ ... they obviously can't handle any sort of buffers in a secure way.
-Carol Haynes (March 23, 2006, 06:16 PM)

ROFL!
Hey, if there were no C/C++ developpers, I bet no windows, no Linux, no OS2, no MAcOS, no BeOS or whatever would have seen the day and we would still stuck to old amigas/amstrad/commodore and all those kinda old skool stuff, probably no internet connection also, probably not this message also... just my 2 cents...
Yours,
(¯`·._.·[Gerome GUILLEMIN]·._.·´¯)
http://www.fbsl.net [FBSL Author]
http://gedd123.free.fr/FBSLv3.zip [FBSL Help file]
(¯`·._.·[If you need help... just ask]·._.·´¯)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Microsoft Confirms Highly Critical IE Hole March 23, 2006
« Reply #5 on: March 27, 2006, 04:45 PM »
LOL - true - but ... and it is a big but ... I didn't mean no one should program in C/C++ just MS !!

Actually a lot of the 'old time' stuff did have a lot going for it! Just imagine running decent graphics software (the orogonal Xara) and good DTP software on a system with 8Mb of memory and a 120Mb hard disc. (plus it has internet access etc). I still have the machine upstairs and it still works. I also used it as a MIDI control system. The OS was written in machine code and never crashed ... ever!

Gerome

  • Charter Honorary Member
  • Joined in 2006
  • ***
  • Posts: 154
    • View Profile
    • Get my Freestyle Basic Script Language + compiler!
    • Donate to Member
Re: Microsoft Confirms Highly Critical IE Hole March 23, 2006
« Reply #6 on: March 27, 2006, 04:53 PM »
Hello,

LOL - true - but ... and it is a big but ... I didn't mean no one should program in C/C++ just MS !!

Actually a lot of the 'old time' stuff did have a lot going for it! Just imagine running decent graphics software (the orogonal Xara) and good DTP software on a system with 8Mb of memory and a 120Mb hard disc. (plus it has internet access etc). I still have the machine upstairs and it still works. I also used it as a MIDI control system. The OS was written in machine code and never crashed ... ever!
-Carol Haynes (March 27, 2006, 04:45 PM)

There was a time when true developpers were really developping more interesting things rather blogging and developping marketting stuff for nutthin'
Thanks God, those developpers are still there, but they dont possess latest Intel or Amd or ... or latest CPU of the 'market', that's why we can still find many applications that are not memory greedy, but rather functional even on little computers... and even little interesting languages/tools can be found if people would take care 5 minutes... ^^
Yours,
(¯`·._.·[Gerome GUILLEMIN]·._.·´¯)
http://www.fbsl.net [FBSL Author]
http://gedd123.free.fr/FBSLv3.zip [FBSL Help file]
(¯`·._.·[If you need help... just ask]·._.·´¯)