Pentium bug, meet the IE 4.0 flaw
Tip News of a system-freezing Pentium error in early November overshadowed discovery of a new security hole in Microsoft Internet Explorer 4.0. Separately, neither bug is likely to bite you. But put them together, throw in a little evil wizardry, and you could have widespread mischief. First, the Pentium problem. It turns out that you can put your Pentium or PMMX processor in a coma by using a simple 4-byte instruction. The problem can be triggered under any operating system if you create the specific illegal instruction. Intel quickly acknowledged the F00F error (named after the instruction's first two bytes) but noted that forestalling lockups requires a patch for each operating system. As we went to press, the patches were available for several versions of UNIX, though not for Windows. Meanwhile, Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised kind) longer than 256 characters in Internet Explorer 4.0, the browser will crash. No big deal, except that anything after the 256th character can be executed on the computer. This manoeuvre, known as a buffer overrun, is just about the oldest hacker trick in the book. Tack some malicious code (say, an executable version of the Pentium-crashing F00F code) onto the end of the URL, and you have the makings of a disaster. Will it ever happen? Probably not. Could it? Sure. The only way to be certain it doesn't is to download Microsoft's IE 4.0 buffer-overrun patch (http://www.microsoft.com/ie/security/?/ie/security/buffer.htm). The fix is included in the IE 4.01 update, which also fixes the installation nightmares and security holes reported in the previous article. (To download the update, select Favorites--Software Updates--Microsoft Internet Explorer in IE 4.0.) - Scott Spanbauer and Neville Clarkson | Category: Bugs and fixes Issue: Mar 1998 Pages: 176 |
These Web pages are produced by Australian PC World © 1997 IDG Communications