Re: IE4.0 patch

John Wiltshire (jw@QITS.NET.AU)
Fri, 14 Nov 1997 10:59:07 +1000

The patch will be to the mshtml control which is the core of Internet
Explorer and is what the other applications mentioned by l0pht will be
using. Hence the patch to IE will fix the other apps.

John Wiltshire

> -----Original Message-----
> From: Richard Trott [SMTP:trott@REMUS.RUTGERS.EDU]
> Sent: Friday, November 14, 1997 5:39 AM
> To: BUGTRAQ@NETSPACE.ORG
> Subject: IE4.0 patch
>
> Microsoft released a patch for the recently-reported (via l0pht--see
> http://l0pht.com/advisories.html if you missed it on bugtraq) buffer
> overflow in Win95 with regard to res:// type URLs.
>
> Does anyone know if the patch
> (http://www.microsoft.com/ie/security/?/ie/security/buffer.htm to get it)
> actually fixes Win95, or if it's just an IE patch? The l0pht advisory
> indicated that other apps were vulnerable because the problem was with
> Win95, not IE. (Easy, if not-so-thorough, way to test: use Outlook
> Express (or Windows Explorer) to view a bogus res:// URL of longer than
> 256 characters and watch it crash Outlook Express (or Windows Explorer).
> Install patch above. Try again. Does it still crash? I don't have a
> Win95 machine at my disposal to test this with...)
>
> Richard Trott
> trott@remus.rutgers.edu