October 16th, 2005, 10:12 PM
ok, for one of our classes we have to list one of the buffer overrun vulnerabilities, "how it happens" and what the fix would do for the latest version of IE. i've looked in the IE fixes and all they say are "fixes buffer overrun vuln for IE" but doesn't go into detail about how.
if anyone who happens to know would help, that would be wonderful.
\"People should not be afraid of their governments. Governments should be afraid of their people.\" - V
October 16th, 2005, 10:28 PM
I am afraid that at that level my eyes tend to glaze over
You might look at the EEYE, BUGTRAQ, CERT and CIAC sites though? There are frequently links to more detailed explanations there
October 16th, 2005, 11:40 PM
If you want to learn how buffer overflows actually work, I would recommend reading Smashing The Stack For Fun And Profit. It is the authoritative paper on the subject.
But your teacher may only be looking for a description of which buffer/variable is overflowed and specifically how it is made to overflow, and not all the nitty gritty technical details about what happens after the fact. As nihil said, the bugtraq, cert, cve, and such sites are excellent places to find the internals of a vulnerability.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError