Bugtraq mailing list archives
Re: IE4.0 patch
From: jw () QITS NET AU (John Wiltshire)
Date: Fri, 14 Nov 1997 10:59:07 +1000
The patch will be to the mshtml control which is the core of Internet Explorer and is what the other applications mentioned by l0pht will be using. Hence the patch to IE will fix the other apps. John Wiltshire
-----Original Message----- From: Richard Trott [SMTP:trott () REMUS RUTGERS EDU] Sent: Friday, November 14, 1997 5:39 AM To: BUGTRAQ () NETSPACE ORG Subject: IE4.0 patch Microsoft released a patch for the recently-reported (via l0pht--see http://l0pht.com/advisories.html if you missed it on bugtraq) buffer overflow in Win95 with regard to res:// type URLs. Does anyone know if the patch (http://www.microsoft.com/ie/security/?/ie/security/buffer.htm to get it) actually fixes Win95, or if it's just an IE patch? The l0pht advisory indicated that other apps were vulnerable because the problem was with Win95, not IE. (Easy, if not-so-thorough, way to test: use Outlook Express (or Windows Explorer) to view a bogus res:// URL of longer than 256 characters and watch it crash Outlook Express (or Windows Explorer). Install patch above. Try again. Does it still crash? I don't have a Win95 machine at my disposal to test this with...) Richard Trott trott () remus rutgers edu
Current thread:
- Re: IE4.0 patch John Wiltshire (Nov 13)