Home > News

ADVERTISEMENT

News

[PSUs]

Wednesday 22nd March 2006

New vulnerability in IE uncovered 10:42AM, Wednesday 22nd March 2006

A security researcher has discovered a new vulnerability in Internet Explorer 6. Specially crafted HTML tags built into a web page can cause IE to crash.

In a security notification, Michal Zalewski writes 'This might not come as a surprise, but there appears to be a *very* interesting and apparently very much exploitable overflow in Microsoft Internet Explorer'.

The vulnerability

ADVERTISEMENT

is caused by an array boundary error in the handling of HTML tags with multiple event handlers. According to security firm Secunia, by specifying a tag with 94 or more event handlers IE will then attempt to write memory array out of bounds.

Zalewski says the exploit works with a fully patched version of Internet Explorer 6 with Windows XP Service Pack 2. Other browsers such as Firefox and Opera are not susceptible to the flaw. Nevertheless, Secunia has marked the exploit as 'non-critical'.

Microsoft says it is aware of the problem and is looking into it. However, given the 'non-critical' nature of the vulnerability, the earliest a fix is likely to appear is on the next 'patch Tuesday' in April.

Anyone who feels like experiencing the exploit themselves Zalewski offers a site where visitors can crash their browser.

Steve Malone

Submit to: Digg | Slashdot | Del.icio.us | Technorati

Related News

Sponsored Links

Buy HP from PC World
We stock a massive range of HP PCs, laptops, printers & ink online and instore. Reserve online & Collect@Store today.

Offers

Buy HP from PC World

We stock a massive range of HP PCs, laptops, printers & ink online and instore. Reserve online & Collect@Store today.

www.pcworld.co.uk/hp

Compare Broadband

Broadband?

Compare 50+ packages

Enter your postcode below:

Powered by:

Top 10 Broadband

Bookstore Top 5

IT Service Management based on ITIL V3: A Pocket Guide (English Version)
� 11.99

Get To The Top On Google
� 10.49

Excel VBA Programming For Dummies
� 11.89

Adobe Photoshop CS3 Book for Digital Photographers, The
� 21.69

Dreamweaver CS3: The Missing Manual
� 22.39

Latest News

› See more News

Hot Topics

Service and Reliability
PC Pro Awards finalists 2008
Intel Developer Forum
IDF: Dynamic overclocking for Core i7
Listen now
Download the new weekly PC Pro podcast!
Sign up today!
Join PC Pro on Facebook

› See more Hot topics

Columns

Prolog:

There are lots of ways to save money, says Tim Danton, but it's the little things that count. › See full Opinion

› See more Columns

Research Papers

› See more Research Papers

Privacy Statement | Privacy Policy | Company Website | Contact Us | Media Information

© Copyright Dennis Publishing Limited licensed by Felden

Our Other Websites: Auto Express | Computer Buyer | Computer Shopper | Custom PC
Den of Geek | Den of Wii | Evo | Fortean Times | IT Pro | Know Your Mobile
London is Free | MacUser | Men's Fitness | Micro Mart | Mobile Computer
Octane | PC Pro | The First Post | iGizmo | Know your DSLR