lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: helmut_hauser at hotmail.com (helmut hauser)
Subject: Openware.org IE Fix - Withdrawn

And this is NO stupid thread ...

Open source' IE patch withdrawn for further patching

Quote:

The third-party 'open source' patch for Internet Explorer that we told you 
about earlier today, contains more than a few potentially nasty surprises. 
As we noted, German tech site Heise had already warned of dangerous buffer 
overflows. Openwares.org, a month-old site which boasts "Software is free" 
today published source code and a binary executable purporting to fix a 
loophole in Internet Explorer for Windows. It's unusual, but not 
unprecedented, for third parties to issue their own fixes for Microsoft's 
exploit-riddled browser. But Heise advises that this patch could be more 
trouble than it's worth, and the fix has already been taken in for some 
maintenance.

"This patch addresses a vulnerability in Microsoft Internet Explorer that 
could allow Hackers and con-artists to to display a fake URL in the address 
and status bars. The vulnerability is caused due to an input validation 
error, which can be exploited by including the "%01" and "%00" URL encoded 
representations after the username and right before the "@" character in an 
URL," according to a release note accompanying the patch. Unfortunately, the 
authors of the patch also enabled a Windows Registry key used by spyware. 
IEmsg.dll. "When we're absulotly [sic] sure that the code is bulletproof 
we'll re-release it," says Openwares's forum administrator.



News Source:

http://www.theregister.co.uk/content/55/34618.html

_________________________________________________________________
FreeSMS abr?umen mit dem MSN Messenger - der Countdown l?uft! 
http://messenger-mania.msn.de Jetzt mitmachen und gewinnen!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ