Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Buffer Overflow Vulnerability
SecurityFocus | 3/9/2005
Posted on 03/09/2005 10:48:17 AM PST by B Knotts
Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability.
This issue presents itself when the application handles a malformed CSS file.
A typical attack would involve the attacker creating a Web site that includes the malicious CSS file. The attacker may then entice a vulnerable user to visit the site. If successful, this attack may result in granting the attacker unauthorized access to the affected computer in the context of the user running Internet Explorer.
TOPICS: Technical
KEYWORDS: browser; bufferoverflow; firefox; getamac; ie; internetexploiter; internetexplorer; lowqualitycrap; microsoft; mozilla; opera; securityflaw; windows
A heads up for IE-using Windows users.
This is a new one, as far as I know.
1
posted on
03/09/2005 10:48:30 AM PST
by
B Knotts
To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...
2
posted on
03/09/2005 10:50:13 AM PST
by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)
To: B Knotts
Uh-oh! Here come those Apple and Linux wackos, trying to convince everyone what a horrible person Bill Gates is!
3
posted on
03/09/2005 11:01:10 AM PST
by
TommyDale
To: B Knotts
So this is different than this one posted earlier today - http://freerepublic.com/focus/f-news/1359141/posts
But still, where are all the pro MS folks who claim MS/IE is superior to the competition? And what of the story from a month ago from the "independent" investigators who found MS/IE to be superior with respect to security than Mozilla/Linux/Unix/etc?
I won't hold my breath.
4
posted on
03/09/2005 11:04:26 AM PST
by
SengirV
To: B Knotts
1. Install Mozilla Firefox
2. Install Ad Aware
3. Install Spy Bot
4. Install AVG
5. Install hardware firewall
6. Install software firewall
"You get what you paid for" does not apply here - AVG, SpyBot, Firefox are free for personal use. Use IE for Windows updates only!
5
posted on
03/09/2005 11:08:14 AM PST
by
DTA
To: B Knotts
Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability.
For those interested in test-driving alternative browsers:
Mozilla/Firefox, Off By One, Opera
6
posted on
03/09/2005 11:10:47 AM PST
by
holymoly
("A lot" is TWO words.)
To: SengirV
But still, where are all the pro MS folks who claim MS/IE is superior to the competition?
Hopefully, downloading Firefox.
Or Linux.
:-)
7
posted on
03/09/2005 11:32:26 AM PST
by
B Knotts
To: B Knotts
They usually skip threads like this and only show up with pro Linux and Apple threads.
8
posted on
03/09/2005 11:40:31 AM PST
by
SengirV
To: B Knotts
I am beginning to think that the only way to use Windows of any vintage, safely, is to run it under VMware or XEN or Boch (sp?) or other virtualization system, booting it from a cd.
Then when it croaks from malware or just bitrot, as it will, you can restart a clean copy from the cd.
9
posted on
03/09/2005 11:44:46 AM PST
by
Rifleman
To: Golden Eagle
Here's Microsoft allowing Chinese hackers to break into our military's most sensitive computers. Get out those pom-poms and start dancin'.
Microsoft Microsoft yay! yay! yay! Microsoft Microsoft all the way!
10
posted on
03/09/2005 11:46:17 AM PST
by
Nick Danger
(The only way out is through)
To: B Knotts
Did you purposely skip over the vulnerability in the 2.6 Linux kernel, or is that posted elsewhere?
11
posted on
03/09/2005 11:53:08 AM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.")
To: Doohickey
Which vulnerability is that? I'm not aware of any in 2.6.11 or 2.4.29.
12
posted on
03/09/2005 12:33:15 PM PST
by
B Knotts
To: Rifleman
Actually, with VMWare, it's even easier than installing a new copy from CD. I just zip up the VMWare directory where the virtual disk lives. When crap starts happening in the VM, I delete the directory and unzip a fresh copy.
I really like vmware, but don't use it nearly as much as I used to as I'm rarely needing the emulation it provides any more other than to check out LiveCD Linux distributions like Knoppix. It's worth what you pay for it though.
13
posted on
03/09/2005 12:50:01 PM PST
by
zeugma
(Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
To: B Knotts
Golly, I don't know how you missed it.
Clicky.
14
posted on
03/09/2005 12:54:11 PM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.")
To: Doohickey
Thanks. Hadn't seen that one yet on any of the news sites.
My guess, though, is that there will be a fix before there is an actual exploit. This is not the case with the IE hole.
15
posted on
03/09/2005 1:02:51 PM PST
by
B Knotts
To: Doohickey
Looks like there's already a patch for that, actually. Dunno how long before a new kernel is released, though.
16
posted on
03/09/2005 1:15:03 PM PST
by
B Knotts
To: Doohickey
Looks like a local exploit. Not a big worry to folks who run Linux on their desktop, unless they are busy hacking themselves, in which case, they have bigger problems. :-)
For servers where there are untrusted users, this should be watched and patched.
17
posted on
03/09/2005 1:34:02 PM PST
by
zeugma
(Come to the Dark Side...... We have cookies! (Made from the finest girlscouts!))
To: B Knotts
It's not a patch, it's a workaround.
18
posted on
03/09/2005 1:35:25 PM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.")
To: zeugma
It doesn't say one way or the other.
19
posted on
03/09/2005 1:36:14 PM PST
by
Doohickey
("This is a hard and dirty war, but when it's over, nothing will ever be too difficult again.")
To: Doohickey
Look at the fifth line down--that indicates that it's a local exploit
20
posted on
03/09/2005 1:47:45 PM PST
by
ShadowAce
(Linux -- The Ultimate Windows Service Pack)