Computer Crime Research Center


New holes in Internet Explorer

Date: June 02, 2005
Source: softpedia

It had already been too long since any vulnerability has been discovered in Internet Explorer, so things had to go back to normal. Even if we’re not talking about some serious security bugs, IE is once
again in pain, and together with it, the browser’s tormented users.

Benjamin Tobias Franz identified these vulnerabilities in Internet Explorer SP2 version 6 and in all the previous ones. The bugs allow a hacker to cause a DOS (Denial of Service)-type attack using the vulnerable system.

The first detected problem makes it possible to block the victim’s systems through a HTML page previously specially modified by a hacker. The page forces Internet Explorer to enter an infinite loop of refreshing and launching new pages.

The second bug was tracked in the JScript.dll file, which does not handle properly certain "onload" javascript requests. Thus, a specially modified webpage could cause a denial of service - type attack.

There are clues to the existence of a third vulnerability, this time in the urlmon.dll module, which could be the base for a new possible DOS attack, if a booby trapped URL is placed within a trusted site.

Quite obviously, no corrective patches have been released for any of these vulnerabilities, and it will take quite a long time before Microsoft releases the next wave of security updates.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo