March 19th, 2006, 10:17 AM
#7
Originally posted here by Zaldy
Microsoft's Internet Explorer browser crashes when attacked through a new unpatched vulnerability, security companies warned Friday.
The zero-day bug occurs within the "mshtml" library when a malformed HTML tag with an abnormally large number of script handlers is fed to the browser. According to the researcher who posted the initial description to the Bugtraq security mailing list, attackers can easily crash IE by flooding its buffer.
The researcher, Michal Zalewski, also released proof-of-concept code that crashes the latest IE release on a fully-patched edition of Windows XP SP2.
What's your point?? It was actually Thursday... so instead of relying on internet news sites and spouting information they give you.. why not stay in the loop yourself.
If you did, you'd see that there were several follow ups pointing out that this is nothing new and that Firefox, Opera and even Safari (that's right you holier than thou Mac users) are vulnerable to many similar things and that browsers themselves are bound to contain problems..
From H.D. Moore (Metasploit Creator)
Firefox also has fun bugs like this :-) Safari too. And Opera. Try this for kicks: use the metasploit firefox_queryinterface exploit against the latest version of Safari, look where it crashes, follow the code back to its OSS lair... Browser exploits are so much fun - choose your own return address in IE by loading a COM object that ISN'T marked safe for scripting - the DLL still gets mapped to its address space.
Nothing quite like an application where you can jump anywhere within a 32-bit address space and still get code execution 50% of the time.
Browser bugs are convoluted and painful because of how much of the environment is controlled by the user - it doesn't matter who made the browser, all it takes is a free'd heap pointer being reused to gain another shell. Just because IE is still exploitable doesn't mean that the rest of the browsers are safe :0)
-HD
PS. The KJS unicode bug mentioned above probably isn't exploitable, but many out-of-memory conditions can be. Check out Gaël Delalleau's CSW05 talk for some cool tricks. OOM bugs can really suck on x64.
PPS. Go see V for Vendetta.
PPPS. Latest Firefox - the APPLET tag with an interesting SRC parameter is also quite fun - debugging a crash 100 calls deep into the JVM is interesting to wrap your brain around.
I'm really getting tired of people who come along with their "Microsoft sucks because of this" attitude... that really have no ****ing clue (pardon the language).... you didn't even bother to post a source for your comments... they were obviously a CnP from somewhere.. go back to your 'mommy's teat'
Peace,
HT