Gary Langston: Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessary updates as soon as possible.

Friday, May 2, 2014

Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessary updates as soon as possible.

Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP.

US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessary updates as soon as possible.

#include 
#include 

#define BUFSIZER1   512
#define BUFSIZER2   ((BUFSIZER1/2) - 8)

int main(int argc, char **argv) {   
    char *buf1R1;
    char *buf2R1;
    char *buf2R2;
    char *buf3R2;

    buf1R1 = (char *) malloc(BUFSIZER1);
    buf2R1 = (char *) malloc(BUFSIZER1);

    free(buf2R1);

    buf2R2 = (char *) malloc(BUFSIZER2);
    buf3R2 = (char *) malloc(BUFSIZER2);

    strncpy(buf2R1, argv[1], BUFSIZER1-1);
    free(buf1R1);
    free(buf2R2);
    free(buf3R2);
}

 char* ptr = (char*)malloc (SIZE);
 ...
 if (err) {
  abrt = 1;
  free(ptr);
 }
 ...
 if (abrt) {
  logError("operation aborted before commit", ptr);
 }

Pages

Friday, May 2, 2014