Unpatched IE Flaw Is Worse Than Expected

Last week was shortened by the Thanksgiving holiday, and it seemed the malware guys took it off as well. There was not much going on of recent origin, and the biggest blip on the security radar was the realization by the security community that an Internet Explorer problem first identified six months ago was a lot worse than it appeared. The realization caused Secunia to issue a rare "Extremely Critical" advisory. Once thought just to be a DoS vulnerability, it turns out that it also allows execution of arbitrary code.

Benjamin Tobias Franz figured out the original problem in March of this year, which can be summarized thusly: IE fails to correctly initialize the JavaScript "Window()" function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.

If we execute the following code:


CALL DWORD [ECX+8]


ECX will be populated by the Unicode representation of a text string named "OBJECT", which translates in hex to 0x006F005B. Because offset 0x006F005B points to an invalid (or non-existent) memory location, Internet Explorer fails to execute the next instruction in the stack and the user sees the application crash. This is why the problem was first classified as a Denial of Service.


News source: eWEEK.com


Report a problem with article
Next Article

China to Have Their Own Next Gen DVDs

Previous Article

New Mac Mini set to enter the media center market

-1 Comments - Add comment

Advertisement