Hi forum friends,
This bug goes much deeper than was thought at first, re:http://addxorrol.blogspot.com/2009/07/p ... tldll.html
The patch which consisted in setting a kill-bit did nothing fundamentally about the underlying hole, this issue was commented here:http://blog.ncircle.com/blogs/vert/arch ... nough.html
Micosoft knew about the issue for over one year and had already started to contemplate a patch for it as they got startled by seeing this deep bug that could transgress to third party software being abused in the wild. An out of band patch might be in the bargain if more abuse is seen. The hole deep inside Windows seems to be exploitable in various other ways, so setting a kill-bit is not enough.
So MS could have unwillingly introduced leaks into third party software that would not be so easily patched.
What can we do using NoScript against this bug a skeleton that has now crept out of the Microsoft cupboard?
SafeArray another bad concept for a global standard? Horrendously cruddy........the outset is simple, but it rapidly degrades into the stinking mess you see today because the design flaws are right at the center, and are going to haunt us rather sooner than later....
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199pre) Gecko/20090722 Shiretoko/3.5.2pre