Yet Another IE Flaw (YAIEF)
Today, if you are plagued with farcical fulminations from Firefox fans or self-satisfied smirks from Safari sympathizers, it may be because of this, from Secunia:
"Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of certain sequences of nested 'object' HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site. Successful exploitation allows execution of arbitrary code."
Thanks to diligent reader Karl Prince for the heads-up.
I remember back in the mid-90's, we used to joke about a bug-of-the-month club for Sendmail. Well, Sendmail has gotten far better, but perhaps we need a bug-of-the-week club, or even a zero-day-of-the-week (ZDotW) club for IE?
--Ed Skoudis
Intelguardians.
"Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of certain sequences of nested 'object' HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site. Successful exploitation allows execution of arbitrary code."
Thanks to diligent reader Karl Prince for the heads-up.
I remember back in the mid-90's, we used to joke about a bug-of-the-month club for Sendmail. Well, Sendmail has gotten far better, but perhaps we need a bug-of-the-week club, or even a zero-day-of-the-week (ZDotW) club for IE?
--Ed Skoudis
Intelguardians.
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments