Sponsor for PC Pals Forum

Author Topic: New vulnerability in IE uncovered  (Read 633 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
New vulnerability in IE uncovered
« on: March 23, 2006, 15:28 »
PC-Pro

A security researcher has discovered a new vulnerability in Internet Explorer 6. Specially crafted HTML tags built into a web page can cause IE to crash.

In a security notification, Michal Zalewski writes 'This might not come as a surprise, but there appears to be a *very* interesting and apparently very much exploitable overflow in Microsoft Internet Explorer'.

The vulnerability is caused by an array boundary error in the handling of HTML tags with multiple event handlers. According to security firm Secunia, by specifying a tag with 94 or more event handlers IE will then attempt to write memory array out of bounds.

Zalewski says the exploit works with a fully patched version of Internet Explorer 6 with Windows XP Service Pack 2. Other browsers such as Firefox and Opera are not susceptible to the flaw. Nevertheless, Secunia has marked the exploit as 'non-critical'.

Microsoft says it is aware of the problem and is looking into it. However, given the 'non-critical' nature of the vulnerability, the earliest a fix is likely to appear is on the next 'patch Tuesday' in April.

Anyone who feels like experiencing the exploit themselves Zalewski offers a site where visitors can crash their browser.

Online Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
New vulnerability in IE uncovered
« Reply #1 on: March 23, 2006, 20:33 »
Who needs special sites to crash IE?  :grin:
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:


Show unread posts since last visit.
Sponsor for PC Pals Forum