Date: Sun Jun 25 11:01:57 2006
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: hlink.dll: is IE affected?

MSRC says in
http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx :
this is actually a vulnerability in hlink.dll which is a Windows component
so has much wider exposure than just Excel, as identified also e.g. in

http://www.auscert.org.au/6421
http://www.kb.cert.org/vuls/id/394444

I had thought that hlink.dll was an IE component. So I wonder: is IE
affected?

A simple test seems to suggest IE refuses to recognize

<a href="AAA... 4kbytes or over ...AAA">

as a clickable link. Does this mean that the "buffer overflow protection"
was mistakenly built into IE, instead of the library? Could there be
instances where IE calls hlink without a sanity-check?

What other software (besides Office and IE) uses hlink?

Cheers,

Paul Szabo
psz@...hs.usyd.edu.au
http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
University of Sydney
Australia