Friday, May 2, 2014

Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessary updates as soon as possible.

Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP.


US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessary updates as soon as possible.





#include 
#include

#define BUFSIZER1 512
#define BUFSIZER2 ((BUFSIZER1/2) - 8)

int main(int argc, char **argv) {
char *buf1R1;
char *buf2R1;
char *buf2R2;
char *buf3R2;

buf1R1 = (char *) malloc(BUFSIZER1);
buf2R1 = (char *) malloc(BUFSIZER1);

free(buf2R1);

buf2R2 = (char *) malloc(BUFSIZER2);
buf3R2 = (char *) malloc(BUFSIZER2);

strncpy(buf2R1, argv[1], BUFSIZER1-1);
free(buf1R1);
free(buf2R2);
free(buf3R2);
}
 char* ptr = (char*)malloc (SIZE);
...
if (err) {
abrt = 1;
free(ptr);
}
...
if (abrt) {
logError("operation aborted before commit", ptr);
}

No comments:

Post a Comment

Comments are Welcome.