Bizarre
Résolu
Lulu69
Messages postés
4143
Date d'inscription
mercredi 17 novembre 2004
Statut
Membre
Dernière intervention
13 décembre 2022
-
20 nov. 2004 à 21:09
darkcrystal33 Messages postés 3808 Date d'inscription dimanche 21 mars 2004 Statut Contributeur Dernière intervention 22 septembre 2008 - 21 nov. 2004 à 14:05
darkcrystal33 Messages postés 3808 Date d'inscription dimanche 21 mars 2004 Statut Contributeur Dernière intervention 22 septembre 2008 - 21 nov. 2004 à 14:05
1 réponse
darkcrystal33
Messages postés
3808
Date d'inscription
dimanche 21 mars 2004
Statut
Contributeur
Dernière intervention
22 septembre 2008
193
21 nov. 2004 à 14:05
21 nov. 2004 à 14:05
CETTE INFORMATION N'EST PAS EXACTE AU SENS QU'ELLE A ETE DEMANTIE PAR L'AUTEUR LUI MEME.
Mr Michal Zalewski a publié une mise à jour de son premier message indiquant que MICROSOFT INTERNET EXPLORER est VULNERABLE!!!
extrait:
"To all those who considered my original post to be a great propaganda
ammunition for praising MSIE, bad news - although it did take a longer
while for it to give up - three hours - (impressive by comparison to
competitors), it eventually did:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
dereference, so merely a DoS condition, but still an evident flaw in
basic HTML parsing.
******************************************************************
* This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable *
* to securely render HTML. Keeping in mind that not only web *
* browsing, but also integrated e-mail is at risk, it is a grim *
* thought. *
******************************************************************"
article complet ici:
http://www.securityfocus.com/archive/1/379207/2004-10-22/2004-10-28/0
DEMONSTRATION:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Cette news se devait donc d'être mise à jour.
Mr Michal Zalewski a publié une mise à jour de son premier message indiquant que MICROSOFT INTERNET EXPLORER est VULNERABLE!!!
extrait:
"To all those who considered my original post to be a great propaganda
ammunition for praising MSIE, bad news - although it did take a longer
while for it to give up - three hours - (impressive by comparison to
competitors), it eventually did:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
dereference, so merely a DoS condition, but still an evident flaw in
basic HTML parsing.
******************************************************************
* This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable *
* to securely render HTML. Keeping in mind that not only web *
* browsing, but also integrated e-mail is at risk, it is a grim *
* thought. *
******************************************************************"
article complet ici:
http://www.securityfocus.com/archive/1/379207/2004-10-22/2004-10-28/0
DEMONSTRATION:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Cette news se devait donc d'être mise à jour.
