TITLE:
Internet Explorer "object" Tag Memory Corruption Code Execution
SECUNIA ADVISORY ID:
SA19762
RELEASE DATE:
2006-04-25
VERIFY ADVISORY:
http://secunia.com/advisories/19762/
CRITICAL:
Highly critical
WHERE:
From remote
IMPACT:
System access
SOFTWARE:
Microsoft Internet Explorer 6.x
DESCRIPTION:
Michal Zalewski has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an error in the processing of certain
sequences of nested "object" HTML tags. This can be exploited to corrupt
memory by tricking a user into visiting a malicious web site.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may
also be affected.
SOLUTION:
Do not visit untrusted web sites.
REPORTED BY CREDITS:
Michal Zalewski
ORIGINAL ADVISORY:
Michal Zalewski:
http://lists.grok.org.uk/piperma...isclosure/2006-April/045422.html