Bizarre
Résolu
Lulu69
Messages postés
4147
Date d'inscription
Statut
Membre
Dernière intervention
-
darkcrystal33 Messages postés 3809 Date d'inscription Statut Contributeur Dernière intervention -
darkcrystal33 Messages postés 3809 Date d'inscription Statut Contributeur Dernière intervention -
1 réponse
CETTE INFORMATION N'EST PAS EXACTE AU SENS QU'ELLE A ETE DEMANTIE PAR L'AUTEUR LUI MEME.
Mr Michal Zalewski a publié une mise à jour de son premier message indiquant que MICROSOFT INTERNET EXPLORER est VULNERABLE!!!
extrait:
"To all those who considered my original post to be a great propaganda
ammunition for praising MSIE, bad news - although it did take a longer
while for it to give up - three hours - (impressive by comparison to
competitors), it eventually did:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
dereference, so merely a DoS condition, but still an evident flaw in
basic HTML parsing.
******************************************************************
* This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable *
* to securely render HTML. Keeping in mind that not only web *
* browsing, but also integrated e-mail is at risk, it is a grim *
* thought. *
******************************************************************"
article complet ici:
http://www.securityfocus.com/archive/1/379207/2004-10-22/2004-10-28/0
DEMONSTRATION:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Cette news se devait donc d'être mise à jour.
Mr Michal Zalewski a publié une mise à jour de son premier message indiquant que MICROSOFT INTERNET EXPLORER est VULNERABLE!!!
extrait:
"To all those who considered my original post to be a great propaganda
ammunition for praising MSIE, bad news - although it did take a longer
while for it to give up - three hours - (impressive by comparison to
competitors), it eventually did:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Tested on 6.0.2800.1106, dies in mshtml.dll. This is a NULL pointer
dereference, so merely a DoS condition, but still an evident flaw in
basic HTML parsing.
******************************************************************
* This means that VIRTUALLY EVERY BROWSER IN USE TODAY is unable *
* to securely render HTML. Keeping in mind that not only web *
* browsing, but also integrated e-mail is at risk, it is a grim *
* thought. *
******************************************************************"
article complet ici:
http://www.securityfocus.com/archive/1/379207/2004-10-22/2004-10-28/0
DEMONSTRATION:
http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html
Cette news se devait donc d'être mise à jour.