Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Internet Explorer "object" Tag Memory Corruption Code Execution

__/ [ Roy Culley ] on Wednesday 26 April 2006 11:30 \__

>     TITLE:
>     Internet Explorer "object" Tag Memory Corruption Code Execution
> 
>     SECUNIA ADVISORY ID:
>     SA19762
> 
>     VERIFY ADVISORY:
>     http://secunia.com/advisories/19762/
> 
>     CRITICAL:
>     Highly critical
> 
>     IMPACT:
>     System access
> 
>     WHERE:
>     From remote
> 
>     SOFTWARE:
>     Microsoft Internet Explorer 6.x
>     http://secunia.com/product/11/
> 
>     DESCRIPTION:
>     Michal Zalewski has discovered a vulnerability in Internet
>     Explorer, which can be exploited by malicious people to compromise
>     a users system.
> 
>     The vulnerability is caused due to an error in the processing of
>     certain sequences of nested "object" HTML tags. This can be
>     exploited to corrupt memory by tricking a user into visiting a
>     malicious web site.
> 
>     Successful exploitation allows execution of arbitrary code.
> 
>     The vulnerability has been confirmed on a fully patched system
>     with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other
>     versions may also be affected.
> 
>     SOLUTION:
>     Do not visit untrusted web sites.
> 
> Surely that solution means you just can't use IE. The real solution is
> to change to firefox, opera, ... anything other than IE.

Nobody panic! Everything will be all right when Internet Explorer 7 comes
out...

http://www.cnn.com/2006/TECH/internet/04/25/microsoft.explorer.ap/index.html?section=cnn_tech

,----[ Quote ]
| The new beta, available Tuesday for free download to English-languages
| customers, includes fixes for problems that were causing Internet
| Explorer 7 to stop working, said Dean Hachamovitch, general manager
| in charge of Internet Explorer development.
`----

Nothing to see here. Please move along.

Best wishes,

Roy

-- 
Roy S. Schestowitz      | Vista: as the reputation of "Longhorn" was mucked
http://Schestowitz.com  |    SuSE Linux    ¦     PGP-Key: 0x74572E8E
 11:55am  up 3 days 21:06,  9 users,  load average: 1.24, 1.01, 0.86
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index