昨天,在调试程序的时候,偶然发现IE5.5的一个bug Yesterday, when the debugger, accidentally discovered a bug in IE5.5
假如我们建立一个print.htm页面,内容如下: If we create a print.htm page, as follows:
当IE5.5以上版本在浏览这个页面的时候,会导致IE崩溃。 When the IE5.5 above visit this page at the time, will cause IE to crash.
初步分析是IE的打印准备工作的处理先后顺序有问题,导致指针违规访问。 IE is printing an initial analysis of the preparatory work order processing problems, leading to a pointer access violation.
这个bug可以允许服务器端攻击客户端。 This bug allows a client server-side attacks.
我当即发信给微软的安全部门,他们的答复大致如下: I immediately wrote to Microsoft's security department, their reply is as follows:
“我们认为导致一个应用程序崩溃的方法很多,只有导致系统完全崩溃或者能控制的溢出我们才认为是安全漏洞......” "We have an application that led to the collapse of many ways, and only cause a system crash or be able to control completely the overflow vulnerabilities we think ......"
呵呵,很像微软的风格...... Oh, much like Microsoft's style ......
测试的结果是,IE5.5 IE6.0都有这个问题 Test results, IE5.5 IE6.0 has this problem
Patching Heroes...... Patching Heroes ......
中华补天 China Sky
Tidak ada komentar:
Posting Komentar