Invalid pointer reference
Lutger
lutger.blijdestijn at gmail.com
Tue Jan 19 04:17:22 PST 2010
On 01/19/2010 08:11 AM, bearophile wrote:
> Another of those billion dollar mistakes D2 will not be able to avoid!
>
> http://www.microsoft.com/technet/security/advisory/979352.mspx
>
>> Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.<
>
> In future if I can I'll keep posting here other widely destructive examples of this class of bugs.
>
> Bye,
> bearophile
SafeD?
More information about the Digitalmars-d
mailing list