OT: Windows releases info on how to fix the latest exploit of Explorer
Brian Densmore
DensmoreB at ctbsonline.com
Tue Feb 17 20:15:38 CST 2004
"Dear Windows user,
Due to the fact our source code has been misappropriated and
evil hackers have created a new exploit that can be used to
0wnz any Windows machine running Internet Explorer 5 or earlier,
please turn off viewing pictures while websurfing.
Thank you,
The Microsoft Secure Initiative Team"
In case anyone missed it, the latest hack causes a stack overflow in
IE 5 with a well crafted bitmap. Which of course make LookOut susceptible,
too. It seems they used an unsigned integer and feed that into a signed
integer, thus allowing the possibility to send a very large number (> 2^31)
that is then interpreted as a negative and thus trashing the stack.
Whoo hoo.
Brian
"Three OS's from corporate-kings in their towers of glass,
Seven from valley-lords where orchards used to grow,
Nine from dotcoms doomed to die,
one from the dark lord Gates on his dark throne
In the Land of Redmond where the Shadows lie.
one OS to rule them all, one OS to find them,
one OS to bring them all and in the darkness bind them,
In the Land of Redmond where the Shadows lie." john thrum
More information about the Kclug
mailing list