The Latest Bugs and Naming from our “friends” at Redmond…
CNET is carrying two Microsoft stories today. The first is about unpatched image vulnerabilities in IE SP2. According to the release, four proofs of concept have been released that crash the latest version of Internet Explorer. The bug release, on SecurityFocus, reads:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input data prior to copying it to a fixed size memory buffer.
This issue was identified by creating random input for the browser, and has not been researched further at this time. This BID will be updated as further information is disclosed.
Successful exploitation may result in execution of arbitrary code in the context of the user executing the affected browser.
As such, it may or may not be exploitable, but it certainly is a bug. The second is advance speculation on the true name of Longhorn:
Rumor has it that Microsoft plans to use Vista as the official name for the next version of Windows, which has been known by its codename, Longhorn.
Personally, I think Windows Vista sounds a bit odd…
This entry was posted on Thursday, July 21st, 2005 at 10:49 pm.
