Some additional information: It was pointed out to me that I did not adequately explain that WININET is widely used by Microsoft applications to handle HTTP requests, *AND* probably be all third-party applications that use Windows APIs to make HTTP requests. All these applications may be vulnerable to the issue, though it may be hard to exploit in most (if not all). According to Microsoft this issue affected MSIE and Edge and was fixed through MS16-104 (MSIE) and MS16-105 (Edge). Unfortunately, the below email failed to mention MS16-104. I do not know why Microsoft did not mention other applications in their bulletins, nor why they have two fixes for specific applications (their browsers), rather than one fix for a component of the Windows Operating System. One wonders what would happen on a system where you have previously uninstalled both MSIE and Edge: do neither of the fixes apply and will your system be left vulnerable? Let me know if you found out! Cheers, SkyLined On 10-11-2016 10:49, Berend-Jan Wever wrote: > Throughout November, I plan to release details on vulnerabilities I > found in web-browsers which I've not released before. This is the > eight entry in that series, although this particular vulnerability does > not just affect web-browsers, but all applications that use WININET to > make HTTP requests. > > The below information is available in more detail on my blog at > http://blog.skylined.nl/20161110001.html. There you can find a repro > that triggered this issue in addition to the information below. > > Follow me on http://twitter.com/berendjanwever for daily browser bugs. > > WININET CHttpHeaderParser::ParseStatusLine out-of-bounds read > ============================================================= > (MS16-105, CVE-2016-3325) > > Synopsis >
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment