__/ [ Roy Culley ] on Wednesday 26 April 2006 11:30 \__
> Internet Explorer "object" Tag Memory Corruption Code Execution
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> System access
> From remote
> Microsoft Internet Explorer 6.x
> Michal Zalewski has discovered a vulnerability in Internet
> Explorer, which can be exploited by malicious people to compromise
> a users system.
> The vulnerability is caused due to an error in the processing of
> certain sequences of nested "object" HTML tags. This can be
> exploited to corrupt memory by tricking a user into visiting a
> malicious web site.
> Successful exploitation allows execution of arbitrary code.
> The vulnerability has been confirmed on a fully patched system
> with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other
> versions may also be affected.
> Do not visit untrusted web sites.
> Surely that solution means you just can't use IE. The real solution is
> to change to firefox, opera, ... anything other than IE.
Nobody panic! Everything will be all right when Internet Explorer 7 comes
,----[ Quote ]
| The new beta, available Tuesday for free download to English-languages
| customers, includes fixes for problems that were causing Internet
| Explorer 7 to stop working, said Dean Hachamovitch, general manager
| in charge of Internet Explorer development.
Nothing to see here. Please move along.
Roy S. Schestowitz | Vista: as the reputation of "Longhorn" was mucked
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
11:55am up 3 days 21:06, 9 users, load average: 1.24, 1.01, 0.86
http://iuron.com - next generation of search paradigms