  Open source firm releases patch for IE spoofing flaw
Time: 10:56 EST/15:56 GMT | News Source: E-Mail | Posted By: Robert Stein

An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information. Openwares.org, a Vanuatuan company with branches in Israel, the US and France, released the patch and its source code a couple of days ago. The company has also set up two pages where users can test whether they are vulnerable to the exploit: one is a fake Microsoft Update example and the other is an example of a fake PayPal site.

  Displaying Comments 1 through 4 of 4
  This is an archived static copy of ActiveWin.com.
#1 By 1989 (69.11.240.35) at Friday, December 19, 2003 11:09:36 AM
Don't know if it is true or not, but I read on Slashdot (I know...) that it really isn't a fix at all and contains a buffer overrun.

#2 By 19992 (164.214.4.61) at Friday, December 19, 2003 12:57:57 PM
#2 If you don't trust them just download the source, view it yourself and if all is fine with it compile it and use it, if the code seems suspicious, don't use it.

Interesting that you deflect any mention of a problem with IE over to another program not mentioned anywhere in the article at all...

This post was edited by happyguy on Friday, December 19, 2003 at 12:58.

#3 By 19992 (164.214.4.61) at Friday, December 19, 2003 01:28:43 PM
#5 Yeah, it does look like it sends the addresses to openwares.org, but I haven't seen anything about a buffer overflow, can you cite some sources on that?

He's not deflecting mention of the problem with IE. In fact, he mentioned the fact that there was a vulnerability, and that it's not as serious as openwares claims it is.

True enough, I misworded my post, but parker does seem to be attempting to deflect attention away from the seriousness of the IE bug by involving a bug in a program that had absolutely nothing to do with this news article.

#4 By 12071 (203.217.24.43) at Sunday, December 21, 2003 02:18:41 AM
#16 Geez you whinge a lot! Would you like someone to re-write the patch in VB for you so that you can understand it? You're bitching that the patch is undocumented, there's really two things to say to that. First of all, if you know C++, then it's documented - the source code is simple enough to follow! Secondly, at least you have the source code (if you need it) to this patch, you have sweet jack all to the closed source program it patches.

Finally, at the time that you were busy posting your comment, v2 of the patch (including the source code) had already been released which fixed the buffer overflows and memory leaks that v1 had! That's not to say that v1 was good to be released - someone rushed in a bit too fast and they deserve everything they got for using strcpy!!



 
