Date: Tue Mar 28 06:11:04 2006
From: asotirov at determina.com (Alexander Sotirov)
Subject: Determina Fix for the IE createTextRange() bug

Hi,

It seems like the IE 0-day generated a lot of activity among the HIPS vendors
this weekend. We at Determina spent the weekend working on a fix for the IE
createTextRange() bug. It's finally ready for download, including full source code:

http://www.determina.com/security_center/security_advisories/securityadvisory_march272006_1.asp

DETCVE-2006-1359.msi

MD5: 85b8bfc1c30c6b4451a3ab803f49708b
SHA1: 308ae9a79e48adecf769fd50ac29ddc37a07d33c

It supports all versions of IE 5.01 and IE6.

The fix is a DLL that gets injected into all applications via the AppInit_DLLs
registry key. The DLL fixes the bug by patching a _single_ byte in MSHTML.DLL
when it is loaded in memory. This change makes the createTextRange() function
return an error code instead of returning 0. This is exactly how the problem was
fixed in the latest IE7 beta from March 20th.

If you are interested in the analysis of the bug, check out the comment before
the patch_module() function in CVE-2006-1359.cpp.

16 more days until the Microsoft patch.

Alex
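
Since the message describes a fix that is injected into all applications through the AppInit_DLLs registry key, machines that deploy it need an inventory of what that value lists. The following is an added example, not part of the original message or of Determina's source: it parses `reg query` output and separates approved entries from unexpected ones. The sample output, the DLL paths and the approved list are constructed placeholders.

```python
import re

# Constructed sample of the output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
# The DLL paths are placeholders, not the file names installed by the fix.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    AppInit_DLLs    REG_SZ    C:\PROGRA~1\EXAMPL~1\hotfix.dll,C:\Temp\unknown.dll
    DeviceNotSelectedTimeout    REG_SZ    15
"""

# Value lines are indented: <name> <type> <data>. The key line is not indented.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")


def appinit_dlls(reg_output):
    """Return the DLL paths listed in AppInit_DLLs (space- or comma-delimited)."""
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1).lower() == "appinit_dlls":
            return [p for p in re.split(r"[,\s]+", m.group(3).strip()) if p]
    return []  # value absent or empty: nothing is injected this way


def audit(reg_output, approved):
    """Split the listed DLLs into (approved, unexpected), ignoring case."""
    allow = {a.lower() for a in approved}
    found = appinit_dlls(reg_output)
    ok = [p for p in found if p.lower() in allow]
    unexpected = [p for p in found if p.lower() not in allow]
    return ok, unexpected


if __name__ == "__main__":
    # Hypothetical allowlist holding the one DLL the administrator deployed.
    ok, unexpected = audit(SAMPLE, [r"c:\progra~1\exampl~1\hotfix.dll"])
    for path in ok:
        print("approved:  ", path)
    for path in unexpected:
        print("UNEXPECTED:", path)
```
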
