Last Updated: 2006-03-22 19:30:08 UTC
by Lorna Hutcheson (Version: 1)
"The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap."
In simpler terms, its a heap overflow just waiting to happen. I doubt will have to wait long for exploit code to be published. There are no security workarounds at this time. We will keep you posted if we find out any additional information.