IE 'object' tag flaw found |
 |
By Bill Brenner, Senior News Writer
26 Apr 2006 | SearchSecurity.com |
|
|
Two weeks after Microsoft patched a series of flaws in Internet Explorer, a new vulnerability has surfaced that could allow attackers to launch malicious code and corrupt system memory.
The latest security hole was discovered by researcher Michal Zalewski, whose analysis was posted on the Full-Disclosure electronic mailing list hosted and sponsored by Danish vulnerability clearinghouse Secunia.
"There appears to be a vulnerability in how Microsoft Internet Explorer handles (or fails to handle) certain combinations of nested 'object' tags," Zalewski wrote. "At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one. The error is convoluted and difficult to debug in absence of sources."
As such, he said, "I cannot offer a definitive attack scenario, nor rule out that my initial diagnosis will be [proven] wrong. As such, panic, but only slightly."
In its own advisory, Secunia rated the flaw "highly critical," saying it is caused by an error in how certain sequences of nested "object" HTML tags are processed. "This can be exploited to corrupt memory by tricking a user into visiting a malicious Web site," Secunia said. "Successful exploitation allows execution of arbitrary code."
Secunia said the vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The firm recommended Web surfers stay away from untrusted sites to reduce the threat.
Microsoft is investigating the flaw, according to media reports. The software giant last addressed security holes in the browser April 11, when it released a cumulative fix for vulnerabilities that included the createTextRange flaw.
That flaw became the target of hundreds of attacks in late March and early April.
|
|
|
|
