New IE Bug Can Crash Browser

By Ed Oswald | Published March 21, 2006, 10:40 AM

A newly discovered flaw in Internet Explorer can cause the browser to crash when visiting a malicious Web site, security firm Secunia said in an advisory Monday. The flaw was first discovered last week by security researcher Michal Zalewski and posted to a popular security mailing list.

"This might not come as a surprise, but there appears to be a *very* interesting and apparently very much exploitable overflow in Microsoft Internet Explorer," Zalewski wrote in the e-mail.

The problem is caused by an array boundary error in the handling of HTML tags with multiple event handlers. The issue can be exploited to cause Internet Explorer 6 to crash through a specially crafted HTML tag with 94 or more event handlers.

Secunia rates the vulnerability as "not critical," its lowest severity rating, and advised those concerned to avoid untrusted Web sites until the problem is addressed. So far, the problem has been confirmed to exist on fully patched systems running Internet Explorer 6 with Windows XP Service Pack 2.

Microsoft said it was aware of the vulnerability and was investigating. "At this time, we are not aware of any attacks attempting to use the reported vulnerability," a spokesperson said.

The company would either provide a patch as part of its monthly Patch Tuesday updates, or issue an out-of-cycle update if it feels it is necessary.
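The trigger described above, a single HTML tag carrying 94 or more event handlers, is simple to screen for on the defensive side, for example in a filtering proxy or a mail gateway. The following is an added example, not code from Secunia, Zalewski or Microsoft; it assumes that "event handler" means any attribute whose name begins with `on`, and the names `HandlerCounter` and `scan_html` and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# Threshold taken from the article: the crash needs 94 or more
# event handlers on one tag.
HANDLER_LIMIT = 94


class HandlerCounter(HTMLParser):
    """Records start tags whose number of on* attributes reaches a limit."""

    def __init__(self, limit=HANDLER_LIMIT):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # attrs is a list of (name, value) pairs with names lowercased.
        # Duplicates are preserved, so a handler repeated many times on
        # the same tag is counted once per occurrence.
        handlers = [n for n, _ in attrs if n.startswith("on") and len(n) > 2]
        if len(handlers) >= self.limit:
            line, _col = self.getpos()
            self.findings.append(
                {"tag": tag, "line": line, "handlers": len(handlers)}
            )


def scan_html(markup, limit=HANDLER_LIMIT):
    """Return one finding per tag that carries at least `limit` handlers."""
    parser = HandlerCounter(limit)
    parser.feed(markup)
    parser.close()
    return parser.findings


# Constructed sample page: ordinary markup, far below the article's threshold.
SAMPLE = """<html><body>
<a href="/news" onclick="track()">news</a>
<img src="a.png" onload="a()" onError="b()" onclick="c()" onmouseover="d()">
</body></html>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))           # nothing reaches the article's limit
    print(scan_html(SAMPLE, limit=4))  # lowered limit to show a finding
```

Legitimate pages rarely put more than a handful of handlers on one element, so a limit well below 94 can be used for alerting without much noise.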

Comments


IE sucks, it is always crashing or freezing waiting for something to load. Even the Hotmail site sometimes freezes. I guess the advertisements they put there make IE freeze. Get something that is better like opera or firefox.

Score: 0

|

Never any issues here. Get something that is better like a 286 or 386 computer. FF fanboy that uses hotmail.....

Score: 0

|

IE crashes? Get the Beta anything see if you complain anymore or say 'Just Great', I think I would say other than Mike's not support for Java Sun or the banning of the internet of Asia, well it be a hacker to watch for. Maybe you need a fresh install from a computer manufacturer on your PC. The new PC I bought lasted 8 months, worked just great. Don't install any crap that you can not turn off.. thanks!!

Score: 0

|

Too bad Epiphany - a Linux web browser, can not run in Windows World. It's a great browser. As for IE 6 or 7, people still use it?

Score: 0

|

IE7 is public, plz why would u still be using IE6???????????????

Score: 0

|

I wasn't aware the final version was released.

Other than that, IE7 is pretty crap :-s It's too slow for my PC :-s

Score: 0

|

because IE7's only at beta2 stage and not everyone wants to beta for MS.

Score: 0

|

IE7 is still Beta 2, that's why. It isn't even supported officially by microsoft yet (meaning you cannot get help regarding IE7 except through the forums, tech support cannot assist). That's a pretty darn good reason, no?

When/If Windows Vista Beta 3 is public, will you be asking why everyone refuses to use it instead of Windows XP? How about Vista RC1? Why haven't you tried FireFox 2.0 Alpha yet? Oh, you aren't using Office 2007 on your mainframe servers yet?

I think I've made my point.

Score: 0

|

I..E..& to the third / WoW / any Beta you are going to install ... put it on a PC that you are wanting to test it. On my PC you will not install that or any of its goodies. I am not an expert. I have troubles with service pack 2 and installing the updates for my video card. I care to read this, not Beta of 2009 or 2010, sorry. Install Beta & you format your PC to go back to Explorer 6 / well no thanks, sorry!!

Score: 0

|

The newer the Operating System then more the power it needs to run it or so called resources. Good luck with that IE 7.

Score: 0

|

I am a developer and have had my share of bugs so I won't fault people over at MS for missing some things here and there. Especially this nonstory...

Score: 0

|

How exactly is this different from normal operation? ;-) I will admit that XP is a lot more stable than previous OSs and IE 6 is a big jump ahead, but I still have problems here and there. How do I know when it's an actual exploit and not just a standard "feature" in IE?

Score: 0

|

dude, you should totally write your own bug free os and browser. then you could be all like "ha, microsoft is all stupids."

Score: 0

|

LOL!!!!!!!!!!!!!!!!

Score: 0

|

let me guess how this flaw was discovered ...
i don't think they were visiting disney.com
.......

*** cough !!! porn .. cough !!! ***

Score: 0

|

Das is goot! LMAO!

Score: 0

|

He got a name that no one could buy right ... bet he will never sell it like a dot com thing? On a download Tuesday the service is crap all over / what's the future of our service anyways?

Score: 0

|

Crap!

Time to stop using IE again.

Could you guys stop reporting these, please? I get like, one day a week where I can use this browser and then something else happens. I mean, c'mon... ;P

Score: 0

|

IE crashing ????
Surprise!!!!!!

Score: 0

|

brilliant comment. Thanks for adding so much insight.

Score: 0

|

"At this time, we are not aware of any attacks attempting to use the reported vulnerability," a spokesperson said.

Once the above happens...we will look into it, maybe...

Score: 0

|

Ho hum. A browser crashes. Seriously, is that a "vulnerability"? This just sounds like a bug to me.

Score: 0

|

Did you even read the article? It says there is an exploitable overflow. That means not only can you crash the browser, you can craft some code to run on the target machine and voila do whatever you want, install a virus, etc.

Fun times for IE, as usual.

Score: 0

|

Secunia rates the vulnerability as "not critical," its lowest severity rating, and advised those concerned to avoid untrusted Web sites until the problem is addressed.

I read it. It said in the article the worst that can happen is a crash. It's *very* interesting.

*very*

Score: 0

|
