October 16th, 2005, 10:12 PM
ok, for one of our classes we have to list one of the buffer overrun vulnerabilities, "how it happens" and what the fix would do for the latest version of IE. i've looked in the IE fixes and all they say are "fixes buffer overrun vuln for IE" but doesn't go into detail about how.
if anyone who happens to know would help, that would be wonderful.
\"People should not be afraid of their governments. Governments should be afraid of their people.\" - V
October 16th, 2005, 10:28 PM
I am afraid that at that level my eyes tend to glaze over
You might look at the EEYE, BUGTRAQ, CERT and CIAC sites though? There are frequently links to more detailed explanations there
If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?
October 16th, 2005, 11:40 PM
If you want to learn how buffer overflows actually work, I would recommend reading Smashing The Stack For Fun And Profit. It is the authoritative paper on the subject.
But your teacher may only be looking for a description of which buffer/variable is overflowed and specifically how it is made to overflow, and not all the nitty gritty technical details about what happens after the fact. As nihil said, the bugtraq, cert, cve, and such sites are excellent places to find the internals of a vulnerability.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError