Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
[Full-disclosure] hlink.dll: is IE affected?
From: Paul Szabo (pszmaths.usyd.edu.au)
Date: Sun Jun 25 2006 - 05:01:41 CDT
MSRC says in http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx :
this is actually a vulnerability in hlink.dll which is a Windows component
so has much wider exposure than just Excel, as identified also e.g. in
I had thought that hlink.dll was an IE component. So I wonder: is IE
affected? A simple test seems to suggest IE refuses to recognize
<a href="AAA... 4kbytes or over ...AAA">
as a clickable link. Does this mean that the "buffer overflow protection"
was mistakenly built into IE, instead of the library? Could there be
instances where IE calls hlink without a sanity-check?
What other software (besides Office and IE) uses hlink?
Paul Szabo pszmaths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/