Kare isu
Zvinoshamisa kuti, Kolsek pakutanga haana kukwanisa kuburitsa kurwiswa kwakatsanangurwa uye kwakaratidzwa naJohn, kwaakashandisa Internet Explorer ichimhanya Windows 7 kurodha uye ovhura faira reMHT rakashata. Kunyange zvazvo mutungamiri wake wepurogiramu akaratidza kuti system.ini, iyo yakarongwa kubiwa kubva kwaari, yakaverengwa ne script yakavanzwa mufaira reMHT, asi haina kutumirwa kune server iri kure.
"Izvi zvaiita senge chiitiko chekare-che-we-Web," Kolsek anonyora. "Kana faira ragamuchirwa kubva paInternet, rinomhanya nemaWindows application senge mabhurawuza ewebhu uye email vatengi vanowedzera label kufaira rakadaro mufomu.
Muongorori akasimbisa kuti IE yakanyatso kuseta label yakadaro yefaira reMHT rakatorwa. Kolsek akabva aedza kudhawunirodha faira rimwe chete uchishandisa Edge nekurivhura muIE, inosara iri iyo default application yeMHT mafaera. Nenzira isingakarirwi, kushandiswa kwacho kwakashanda.
Chekutanga, muongorori akatarisa "mark-of-the-Web", zvakazoitika kuti Edge zvakare inochengeta kwainobva faira mune imwe nzira yedata rwizi mukuwedzera kune chekuchengetedza identifier, iyo inogona kumutsa mimwe mibvunzo maererano nekuvanzika kweichi. nzira. Kolsek akafungidzira kuti mitsara yekuwedzera inogona kunge yakavhiringidza IE uye ichiidzivirira kubva pakuverenga SID, asi sezvazvinozoitika, dambudziko raive kumwewo. Mushure mekuongorora kwenguva refu, nyanzvi yezvekuchengetedza yakawana chikonzero mune zvinyorwa zviviri mune yekuwana yekudzora runyorwa iyo yakawedzera kodzero yekuverenga iyo MHT faira kune imwe system sevhisi, iyo Edge yakawedzera ipapo mushure mekurodha.
James Foreshaw kubva kuchikwata chakatsaurirwa chezuva-zero - Google Project Zero -
Zvadaro, muongorori aida kunzwisisa zviri nani kuti chii chinoita kuti IE's chengetedzo system ikundikane. Ongororo yakadzama ichishandisa process Monitor utility uye IDA disassembler yakazoburitsa kuti Edge's set resolution yakatadzisa Win Api basa GetZoneFromAlternateDataStreamEx kuverenga Zone.Identifier file stream uye yakadzosa kukanganisa. Kune Internet Explorer, kukanganisa kwakadaro pakukumbira faira rekuchengetedza rabel kwaisatarisirwa zvachose, uye, sezviri pachena, bhurawuza rakaona kuti kukanganisa kwakaenzana nekuti iyo faira yakanga isina "mucherechedzo-we-wewebhu" mucherechedzo, izvo zvinoita kuti ivimbike, mushure mekuti nei IE yakabvumira script yakavanzwa muMHT faira kuti iite uye kutumira iyo inotarirwa faira renzvimbo kune iri kure server.
"Uri kuona kutsvinya uku?" anobvunza Kolsek. "Chinhu chekuchengetedza chisina kunyorwa chinoshandiswa naEdge chakamisa chiripo, pasina mubvunzo chakanyanya kukosha (mucherechedzo weWebhu) muInternet Explorer."
Zvisinei nekuwedzera kukosha kwekusagadzikana, izvo zvinobvumira script yakaipa kuti imhanyirwe sechinyorwa chinovimbika, hapana chinoratidza kuti Microsoft inotarisira kugadzirisa iyo bug chero nguva munguva pfupi, kana ikazogadziriswa. Naizvozvo, isu tichiri kukurudzira kuti, sechinyorwa chakapfuura, iwe uchinje iyo default chirongwa chekuvhura MHT mafaera kune chero browser yemazuva ano.
Ehe, tsvakiridzo yaKolsek haina kuenda pasina kudiki-PR. Pakupera kwechinyorwa, akaratidza chigamba chidiki chakanyorwa mumutauro wegungano chinogona kushandisa 0patch sevhisi yakagadzirwa nekambani yake. 0patch inoona otomatiki software pakombiyuta yemushandisi uye inoshandisa zvigamba zvidiki pairi panhunzi. Semuenzaniso, mune iyo yatakatsanangura, 0patch ichatsiva iyo yekukanganisa meseji muGetZoneFromAlternateDataStreamEx basa ine kukosha kunoenderana nefaira isina kuvimbwa yakagamuchirwa kubva kunetiweki, kuitira kuti IE isabvumire chero akavanzika script kuti aitwe zvinoenderana neakavakirwa- mune zvekuchengetedza mutemo.
Source: 3dnews.ru