[5600] in bugtraq
Re: IE4.0 patch
daemon@ATHENA.MIT.EDU (John Wiltshire)
Fri Nov 14 02:38:44 1997
Date: Fri, 14 Nov 1997 10:59:07 +1000
Reply-To: John Wiltshire <jw@QITS.NET.AU>
From: John Wiltshire <jw@QITS.NET.AU>
X-To: Richard Trott <trott@REMUS.RUTGERS.EDU>
To: BUGTRAQ@NETSPACE.ORG
The patch will be to the mshtml control which is the core of Internet
Explorer and is what the other applications mentioned by l0pht will be
using. Hence the patch to IE will fix the other apps.
John Wiltshire
> -----Original Message-----
> From: Richard Trott [SMTP:trott@REMUS.RUTGERS.EDU]
> Sent: Friday, November 14, 1997 5:39 AM
> To: BUGTRAQ@NETSPACE.ORG
> Subject: IE4.0 patch
>
> Microsoft released a patch for the recently-reported (via l0pht--see
> http://l0pht.com/advisories.html if you missed it on bugtraq) buffer
> overflow in Win95 with regard to res:// type URLs.
>
> Does anyone know if the patch
> (http://www.microsoft.com/ie/security/?/ie/security/buffer.htm to get it)
> actually fixes Win95, or if it's just an IE patch? The l0pht advisory
> indicated that other apps were vulnerable because the problem was with
> Win95, not IE. (Easy, if not-so-thorough, way to test: use Outlook
> Express (or Windows Explorer) to view a bogus res:// URL of longer than
> 256 characters and watch it crash Outlook Express (or Windows Explorer).
> Install patch above. Try again. Does it still crash? I don't have a
> Win95 machine at my disposal to test this with...)
>
> Richard Trott
> trott@remus.rutgers.edu