lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sun Jun 25 11:01:57 2006
From: psz at (Paul Szabo)
Subject: hlink.dll: is IE affected?

MSRC says in :

  this is actually a vulnerability in hlink.dll which is a Windows component

so has much wider exposure than just Excel, as identified also e.g. in

I had thought that hlink.dll was an IE component. So I wonder: is IE
affected? A simple test seems to suggest IE refuses to recognize

  <a href="AAA... 4kbytes or over ...AAA">

as a clickable link. Does this mean that the "buffer overflow protection"
was mistakenly built into IE, instead of the library? Could there be
instances where IE calls hlink without a sanity-check?

What other software (besides Office and IE) uses hlink?


Paul Szabo
School of Mathematics and Statistics   University of Sydney    Australia

Powered by blists - more mailing lists