Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Yet Another IE Flaw (YAIEF) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Yet Another IE Flaw (YAIEF)
Today, if you are plagued with farcical fulminations from Firefox fans or self-satisfied smirks from Safari sympathizers, it may be because of this, from Secunia:

"Michal Zalewski has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.  The vulnerability is caused due to an error in the processing of certain sequences of nested 'object' HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site.  Successful exploitation allows execution of arbitrary code."

Thanks to diligent reader Karl Prince for the heads-up.

I remember back in the mid-90's, we used to joke about a bug-of-the-month club for Sendmail.  Well, Sendmail has gotten far better, but perhaps we need a bug-of-the-week club, or even a zero-day-of-the-week (ZDotW) club for IE?

--Ed Skoudis
Intelguardians.
Ed

57 Posts

Sign Up for Free or Log In to start participating in the conversation!