PG 3.0 and new IE Iframe vulnerability

Discussion in 'ProcessGuard' started by LM1, Nov 9, 2004.

Thread Status:
Not open for further replies.
  1. LM1

    LM1 Registered Member

    Joined:
    Nov 7, 2004
    Posts:
    34
    Does the full/free version of PG 3.0 address the recently disclosed (Secunia), and still unpatched, extremely critical IFRAME buffer overflow vulnerability in IE?
     
  2. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    I don't think so. After all, it is IE modifying itself. Note that XP SP2 seems to prevent the exploit.

    To quote the advisory:

    PG can't possibly plug all the MS holes, can it? ;P

    HTH,
    Andreas
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    If the vulnerability ends up running another process, then that can be blocked by ProcessGuard. But as Andreas said, you can't really prevent one application from modifying itself as is the case with some bugs.
     
Thread Status:
Not open for further replies.