Full Disclosure mailing list archives
Re: Third-party patch for CVE-2007-3896, UPDATE NOW
From: "KJK::Hyperion" <hackbunny () s0ftpj org>
Date: Wed, 17 Oct 2007 14:16:21 +0200
KJK::Hyperion ha scritto:
The present patch is dramatically under-tested and it has underwent no quality assurance procedure whatsoever, so please deploy with the greatest care.
Indeed, I just found a gruesome memory leak in it. A silly bug, brown paperbag-grade shame. If you installed my patch, upgrade RIGHT THIS MOMENT NOW or slowly die: <http://spacebunny.xepher.net/hack/shellexecutefiasco/> For the press guys watching: THIS IS VERY IMPORTANT, more important than the original patch was. I don't expect "shitty patch actually shitty" to seriously make the big headlines, but, hey, a heads up: there is a good reason Microsoft takes a lot of time to put patches out, after all. I don't do this for the reputation, either: I already made a U-turn on my feelings about the vulnerability, I'm not too proud to admit my mistakes (god knows how big the egos can get in FD) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype, (continued)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Geo. (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype 3APA3A (Oct 08)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Valdis . Kletnieks (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Geo. (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype gjgowey (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype john lokka (Oct 09)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 09)
- Third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) available KJK::Hyperion (Oct 13)
- Re: Third-party patch for CVE-2007-3896, UPDATE NOW KJK::Hyperion (Oct 17)
- I made third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) KJK::Hyperion (Oct 14)
- Re: I made third-party patch for CVE-2007-3896 (Internet Explorer 7 invalid URI handling) KJK::Hyperion (Oct 14)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Thierry Zoller (Oct 11)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Roger A. Grimes (Oct 07)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype Morning Wood (Oct 08)
- Re: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype KJK::Hyperion (Oct 06)