Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Concurrency strikes MSIE (potentially exploitable msxml3 flaws) InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Concurrency strikes MSIE (potentially exploitable msxml3 flaws)

Published: 2007-01-05
Last Updated: 2007-01-09 02:29:36 UTC
by Adrien de Beaupre (Version: 1)
0 comment(s)
As reported on full-disclosure, MS Internet Explorer is vulnerable to a race condition. The PoC is a Denial of Service, it causes IE 6 to stop responding when tested, other versions are also likely vulnerable. Likely more to report on this flaw in the AM. The author reports that it is possible this issue could lead to remote compromise.

CVE will be CVE-2007-0099

Adrien de Beaupre 
0 comment(s)
Diary Archives