• On The Insider: Judge Bans Real Housewives Sex Tape

August 19, 1998 1:25 PM PDT

Buffer-overflow bug in IE

By Paul Festa
Staff Writer, CNET News

  • 1 comment
Related Stories

Student finds AOL bug

 February 24, 1998

JavaScript bug in Navigator 4.04

 January 20, 1998

IE 4 has hyperlink bug

 November 12, 1997
Microsoft is urging users of its Internet Explorer browser to download a patch for a newly discovered buffer-overflow security bug.

The bug takes advantage of the way some versions of the IE browser handle long strings of JScript code.

JScript is a Microsoft scripting language similar to the JavaScript language created by Netscape Communications. The scripting languages, which are unrelated to the Java programming language, are used to create things like pop-up windows and forms on Web pages.

The bug patched yesterday resembles another IE buffer overflow problem reported last year.

In both instances, the bug allows a malicious programmer to take advantage of the way the browser reads a long URL, or, in this case, a long string of JScript code. After the maximum number of characters expected on a string is exceeded, the browser crashes, and the remaining characters--potentially comprising malicious code--go into memory, where they may be executed.

In the case of the previous buffer overflow problem, URLs of the type "res://"--which linked to local resources rather than remote Web pages--would max out after 256 characters, letting malicious programmers write from the 257th character.

In the case of the JScript buffer overflow bug, Microsoft is not disclosing the character limit.

"We know, but don't want to let that information out," said Karan Khanna, product manager for Windows NT security.

Khanna stressed that the bug could not manifest itself as a matter of chance, and that a victim would have to visit a site where the code was deliberately entered. He also noted that Microsoft is not alone in battling the buffer overrun menace.

"This happens on many applications and operating systems," he said. "What we're trying to do is to educate developers about safe coding practices, about taking more care in how they handle strings."

Microsoft has recommended that users unable to download the patch disable active scripting in the "Untrusted" and "Internet" zones under Internet Explorer security preferences.

The problem affects IE 4.0 and 4.01 running on Windows 95, 98, and NT 4.0.

Add a Comment (Log in or register)
also in IE 7
by sachxn February 19, 2008 10:18 PM PST
I found this same bug in IE7 with no clue how to make it work.

Sachin
Reply to this comment
advertisement
Click Here

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (-0.45%) -36.65 8,146.52
S&P 500 (-0.40%) -3.55 879.13
NASDAQ (0.20%) 3.48 1,756.03
CNET TECH (0.36%) 4.57 1,262.65
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET
  • Popular on CBS sites: