Slashdot Mirror


MS Patch Train Leaves the Station

per1176 writes "Microsoft has released 10 advisories to cover a dozen security vulnerabilities, including a "critical" cumulative update for the Internet Explorer browser. The IE fix corrects a remote code-execution vulnerability that exists due to the way the browser handles PNG (Portable Network Graphics) files."

8 of 361 comments

  1. Large size crash by Anonymous Coward · · Score: 5, Interesting

    Does this fix the crash with large stretched images?
    ie width=9999999 height=999999 in an

  2. Reminds me of the JPG buffer overflow by Nos. · · Score: 5, Insightful

    After the jpg incident, wouldn't you tend to look at the code handling other image formats for similar problems? Guess not.

    1. Re:Reminds me of the JPG buffer overflow by Anonymous Coward · · Score: 5, Informative

      ...the Finish University of Uola...

      You probably meant the Finnish university of Oulu.

  3. Re:IE PNGs by swilde23 · · Score: 5, Informative
    That's mostly true... but you can mangle your way around it...

    http://blogs.msdn.com/dmassy/archive/2004/08/05/209428.aspx

    Believe me, I would rather just use a different browser (one has security holes of its own. As much as the creators of Firefox would like to believe they have the perfect browser, any major piece of software is going to have bugs.

    The smart developers call these bugs... features :)

    The truth is though, most people don't know about anything other than IE. Why else would it show up with more than 80% of the hits on the websites we run. People don't like change. They like IE because it works out of the box with Windows. No extra installing, no "scary" configurations, no extra work on their part. If you want to convince people not to use IE, don't post messages on /. discussing the various security holes involved with PNG images. Go out and convince MS to stop packaging it with their OS. Make people have to do a little work to get on the internet. Maybe then they'll start to think a little about what they are doing.

    --
    There are 10 types of people in the world. Those that understand this sig, and those that beat up people who do.
  4. All aboard! by AtariAmarok · · Score: 5, Funny
    "MS Patch Train Leaves the Station"

    Otherwise known as the Bugwarts Express. To find the boarding platform, run your luggage cart full tilt into that blue screen.

    --
    Don't blame Durga. I voted for Centauri.
  5. Re:Venture to guess? by Joe+Decker · · Score: 5, Funny
    Check your god damn code

    Using an interjection when you mean an adjectival phrase is an amateur mistake. Check your God-damned grammar.

  6. Re:IE PNGs by theborg1of4 · · Score: 5, Informative

    I'm not sure if I understand your use of the word "barely". IE supports PNG as per the W3C recommendation, including binary transparency. IE doesn't support optional alpha channel transparency:

    http://www.w3.org/Graphics/PNG/

    From the first paragraph:

    "Indexed-color, grayscale, and truecolor images are supported, plus an optional alpha channel for transparency."

    While it would be nice if they supported the optional features, it's actually the developers who continue to use alpha channel transparency PNG that are deviating from the W3C recommendation.

  7. Re:IE PNGs by Anonymous Coward · · Score: 5, Insightful

    The alpha channel is optional in the PNG file format, _not_ in the PNG recommendation itself. The browser still has to be able to handle PNGs with alpha channels to be fully compliant with PNG pictures, even though users might choose not to supply an alpha channel with their picture.