Skip to comments.
Hackers Quickly Target Newly Disclosed Microsoft Flaw
TechWeb - InternetWeek.com ^
| February 10, 2005
| Gregg Keizer
Posted on 02/10/2005 7:31:00 PM PST by Eagle9
click here to read article
Navigation: use the links below to view more comments.
first 1-20, 21-28 next last
1
posted on
02/10/2005 7:31:01 PM PST
by
Eagle9
To: ShadowAce
2
posted on
02/10/2005 7:32:39 PM PST
by
KoRn
To: Eagle9
> ... attacked using malformed PNG image files.
Amazing. PNG is a recent enough graphics file format that
I would have expected even Microsoft to heavily bounds-
check any code that reads it. Guess not.
From another report: "Media Player doesn't properly
handle .png files with excessive width or height."
Pick up jaw. Sigh.
3
posted on
02/10/2005 7:41:41 PM PST
by
Boundless
To: Eagle9
After I get my PowerBook, this PC is going to be used for games and pretty much nothing else.
4
posted on
02/10/2005 7:43:54 PM PST
by
Terpfen
(New Democrat Party motto: les enfant terribles)
Comment #5 Removed by Moderator
To: Boundless
Microsoft still hasn't even implemented transparency in PNG. I soemtimes wonder what microsoft coders do all day. They must have =lots= of meetings at microsoft.
6
posted on
02/10/2005 7:49:58 PM PST
by
zeugma
(Come to the Dark Side...... We have cookies!)
To: zeugma
They must have =lots= of meetings at microsoft.At least one per security hole...(and that's a lot of meetings)
7
posted on
02/10/2005 8:15:39 PM PST
by
sourcery
(This is your country. This is your country under socialism. Any questions? Just say no to Socialism!)
To: Boundless
Amazing. PNG is a recent enough graphics file format that I would have expected even Microsoft to heavily bounds- check any code that reads it Not sure where you get this "recent enough" part. PNGS were available, royalty free circa 1996. We used them in a mud I was part of then.
8
posted on
02/10/2005 8:19:22 PM PST
by
Malsua
To: Boundless
What do you expect from the company that, after all the Y2K hype, puts out a Win2K OS that required manual tweaking to make it Y2K compliant? There seems to be madness in their methodology.
9
posted on
02/10/2005 8:25:37 PM PST
by
trebb
("I am the way... no one comes to the Father, but by me..." - Jesus in John 14:6 (RSV))
To: Malsua
They implemented the original basic PNG format, then as usual with microsoft. Left it in that half-assed state rather than actually fully implement the format. PNG supports transparency and animation similar to GIFs. From what I understand, Microsoft still doesn't support either.
10
posted on
02/10/2005 8:27:36 PM PST
by
zeugma
(Come to the Dark Side...... We have cookies!)
To: William Creel
I am as quick to jump on MS as the next guy, but they do have pateches out for this..
11
posted on
02/10/2005 8:28:31 PM PST
by
N3WBI3
To: Boundless
yeah, wonder if they don't bother to look at the return value of malloc because it would slow down their bloatware even more
To: Eagle9
Simple solution. Update your computer.
13
posted on
02/10/2005 8:33:23 PM PST
by
Cicero
(Marcus Tullius)
To: zeugma
PNG supports transparency and animation similar to GIFs. From what I understand, Yes it does. The JPEG group was trying to extract royalties at the time. It's all so muddled right now, I can't comment accurately. PNGs are lossless. They are better than gifs.
14
posted on
02/10/2005 8:42:14 PM PST
by
Malsua
To: All
To: Cicero
Simple solution. Update your computer.Not as much fun as bitching, apparently.
To: Bush2000
To: Eagle9
A month from now they will have the new fix ...
To: Malsua
>> PNG is a recent enough graphics file format ...
> Not sure where you get this "recent enough" part.
> PNGS were available, royalty free circa 1996.
Which is long after MS would have had corporate awareness
of buffer overflow exploits. They did, after all, include
anti-virus support in DOS 6.x years before that.
When did MS implement PNG support in Windows?
To: yellowhammer
That's actually misleading. After reading more about that vulnerability, it is not a vulnerability in the browsers per se, it is a vulnerability in the
IDN standard, or more precisely, in the introduction thereof to a public not accustomed to dealing with the possibility of non-ASCII characters in hostnames. The only reason IE is not vulnerable is because IE still doesn't support IDN/Punycode, even after it's been around for 3-1/2 years.
20
posted on
02/10/2005 9:15:46 PM PST
by
B Knotts
Navigation: use the links below to view more comments.
first 1-20, 21-28 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson