Re: IE4.0 patch

[jw () QITS NET AU (John Wiltshire)]

The patch will be to the mshtml control which is the core of Internet
Explorer and is what the other applications mentioned by l0pht will be
using.  Hence the patch to IE will fix the other apps.

John Wiltshire

> -----Original Message-----
> From: Richard Trott [SMTP:trott () REMUS RUTGERS EDU]
> Sent: Friday, November 14, 1997 5:39 AM
> To:   BUGTRAQ () NETSPACE ORG
> Subject:      IE4.0 patch
>
> Microsoft released a patch for the recently-reported (via l0pht--see
> http://l0pht.com/advisories.html if you missed it on bugtraq) buffer
> overflow in Win95 with regard to res:// type URLs.
>
> Does anyone know if the patch
> (http://www.microsoft.com/ie/security/?/ie/security/buffer.htm to get
> it)
> actually fixes Win95, or if it's just an IE patch?  The l0pht advisory
> indicated that other apps were vulnerable because the problem was with
> Win95, not IE.  (Easy, if not-so-thorough, way to test:  use Outlook
> Express (or Windows Explorer) to view a bogus res:// URL of longer
> than
> 256 characters and watch it crash Outlook Express (or Windows
> Explorer).
> Install patch above.  Try again.  Does it still crash?  I don't have a
> Win95 machine at my disposal to test this with...)
>
> Richard Trott
> trott () remus rutgers edu