__/ [ Roy Culley ] on Wednesday 26 April 2006 11:30 \__
> TITLE:
> Internet Explorer "object" Tag Memory Corruption Code Execution
>
> SECUNIA ADVISORY ID:
> SA19762
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/19762/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
>
> DESCRIPTION:
> Michal Zalewski has discovered a vulnerability in Internet
> Explorer, which can be exploited by malicious people to compromise
> a users system.
>
> The vulnerability is caused due to an error in the processing of
> certain sequences of nested "object" HTML tags. This can be
> exploited to corrupt memory by tricking a user into visiting a
> malicious web site.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability has been confirmed on a fully patched system
> with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other
> versions may also be affected.
>
> SOLUTION:
> Do not visit untrusted web sites.
>
> Surely that solution means you just can't use IE. The real solution is
> to change to firefox, opera, ... anything other than IE.
Nobody panic! Everything will be all right when Internet Explorer 7 comes
out...
http://www.cnn.com/2006/TECH/internet/04/25/microsoft.explorer.ap/index.html?section=cnn_tech
,----[ Quote ]
| The new beta, available Tuesday for free download to English-languages
| customers, includes fixes for problems that were causing Internet
| Explorer 7 to stop working, said Dean Hachamovitch, general manager
| in charge of Internet Explorer development.
`----
Nothing to see here. Please move along.
Best wishes,
Roy
--
Roy S. Schestowitz | Vista: as the reputation of "Longhorn" was mucked
http://Schestowitz.com | SuSE Linux ¦ PGP-Key: 0x74572E8E
11:55am up 3 days 21:06, 9 users, load average: 1.24, 1.01, 0.86
http://iuron.com - next generation of search paradigms
|
|