Can IE Bug Do More Than Crash Browsers?

A newly discovered flaw in Microsoft's Internet Explorer browser can cause the browser to crash and may expose PCs to another round of nasty Internet hack attacks, security firms said Tuesday.

The vulnerability is caused by a "buffer overflow," a class of flaw that has plagued Internet Explorer in the past. In this case, the flaw allows an attacker to flood the browser with garbage data via a malformed HTML tag. The browser has not allocated enough memory to handle the flow of unexpected data and responds to the attack by crashing.

Researchers are now investigating whether this flaw can also be used to inject malicious code into computers, which would allow attackers to remotely control or alter the contents of affected computers.

If so, it's possible that this flaw could allow attack code to enter computers when users simply visit a malicious Web site. There is currently no patch or workaround that can protect users from the fallout.

"A Web browser crash by itself is basically a non-event, a nuisance but not much more," said Michael Sutton, director of iDefense Labs, a security research company. "The question that needs to be answered is will this vulnerability be found to be exploitable and if so, will public exploit code emerge?"

Sutton said that iDefense researchers have examined the flaw and believe that it is likely exploitable, but it's not clear if the exploit will be reliable, as it involves memory corruption.

The flaw was discovered by security researcher Michal Zalewski, a Polish security expert who is the author of "Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks."

This article was first published on InternetNews.com.
