Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Patch Train Leaves the Station

Posted by CmdrTaco on Wednesday June 15, 2005 @02:20AM from the a-whole-lotta-security-going-on dept.

per1176 writes "Microsoft has released 10 advisories to cover a dozen security vulnerabilities, including a "critical" cumulative update for the Internet Explorer browser. The IE fix corrects a remote code-execution vulnerability that exists due to the way the browser handles PNG (Portable Network Graphics) files."

2 of 361 comments (clear)

Min score:

Reason:

Sort:

Reminds me of the JPG buffer overflow by Nos. · 2005-06-15 02:24 · Score: 5, Insightful

After the jpg incident, wouldn't you tend to look at the code handling other image formats for similar problems? Guess not.
Re:IE PNGs by Anonymous Coward · 2005-06-15 03:14 · Score: 5, Insightful

The alpha channel is optinal in the PNG file format, _not_ in the PNG recommendation itself. The browser still has to be able to handle PNGs with alpha channels to be fully compliant with PNG pictures, even though users might choose not to supply an alpha channel with their picture.