One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 331643 |
| Date de publication | 2017-03-08 06:46:00 (vue: 2017-03-08 06:46:00) |
| Titre | Third-party releases \'nano-patch\' for Microsoft zero day bug |
| Texte | The delay in last month's Patch Tuesday fixes has caused considerable angst given there were several known problems, including two disclosed by Google.Microsoft is on track, as far as we know, for a patch release next week, but one company isn't waiting. It has issued its own fix for a minor bug.A U.K. security company called ACROS Security has released what they call their first "nano-patch" for CVE-2017-0038, a bug in EMF image format parsing logic that does not adequately check image dimensions specified in the image file being parsed against the amount of pixels in the file.If image dimensions are large enough, the parser is tricked into reading memory contents beyond the memory-mapped EMF file being parsed. An attacker could use this vulnerability to steal sensitive data in memory or as an aid in other exploits when ASLR needs to be defeated.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | 0038 2017 acros adequately against aid amount angst are article aslr attacker being beyond bug but call called caused check click comment company considerable contents could cve data day defeated delay dimensions disclosed does emf enough exploits far file first fix fixes format full given google has here image including isn issued its know known large last leave logic mapped memory microsoft minor month nano needs next not one other own parsed parser parsing party patch pixels please problems read reading release released releases security sensitive several specified steal third track tricked tuesday two use vulnerability waiting week what when zero |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.