Another MS Internet Explorer Security Hole
chkorn writes "Michal Zalewski detected another security issue in Microsoft's Internet Explorer. With a well-formed FRAME or IFRAME tag, a buffer overflow happens and you can execute bad code on the stack.
In his announcement on Bugtraq, he added a proof of concept and explained that all Internet Explorer 6.0 versions are affected, except Windows XP SP2 installations."
I tried it on an XP SP1 box and it just freezes it.
I tried it on Mozilla 1.7.3 and it freezes it for about a minute, and then unfreezes and shows a blank IFRAME.
If you want to try it w/o extracting and all that stuff, click here.
Chris
Over 30% of web traffic is from XP SP2 now (UK traffic at least).*
SP2 is meant to stop this kind of stuff happening. People are installing SP2.
This is good, and a step forward - in a few weeks it's looking like it'll be over 50%.
I don't mean to whinge, but pre-SP2 security holes don't seem newsworthy to me...
(* the company I work for runs tracking/surveying code on lots of UK commercial/retail web sites - we're seeing 3-5% per week increase in SP2 traffic, last week it went over 30% of total traffic)