Third-party patches

At Determina I developed a series of free patches for critical zero-day vulnerabilities in Internet Explorer before Microsoft released their official patch. These vulnerabilities have long since been fixed, but the patches are still available for reference.

The techniques used to produce these patches were discussed in the presentation Hotpatching and the Rise of Third-Party Patches at BlackHat USA 2006.

Animated cursor stack overflow

This is a runtime fix for the Animated Cursor stack overflow vulnerability (CVE-2007-0038) affecting Internet Explorer, Mozilla Firefox, Microsoft Outlook and many other applications. It can be applied to Windows 2000 SP4, XP SP2 and 2003 SP1-2 systems and patches the vulnerabile code in memory, without modifying any files on disk.

This fix was released on Apr 2, 2007

Downloads:

Vendor status:

Internet Explorer WebViewFolderIcon setSlice integer overflow

This is a runtime fix for the Internet Explorer WebViewFolderIcon setSlice vulnerability (CVE-2006-3730). It can be applied to Windows 2000, XP and 2003 systems and patches the vulnerabile code in memory, without modifying any files on disk. To test if you are vulnerable, please use the following test page. When the zero-day patch is installed, Internet Explorer will be protected silently and the test page will not crash your browser.

This fix was released on Sep 29, 2006

Downloads:

Vendor status:

Internet Explorer createTextRange Vulnerability

This is a runtime fix for the Internet Explorer createTextRange vulnerability (CVE-2006-1359). It can be applied to Windows 2000, XP and 2003 systems and patches the vulnerabile code in memory, without modifying any files on disk.

This fix was released on Mar 27, 2006

Downloads:

Vendor status: