November 12, 1997 10:40 AM PST

IE 4 has hyperlink bug

Microsoft (MSFT) last night posted a fix to an Internet Explorer 4.0 bug that could turn a hyperlink into a hornet's nest.

The company yesterday confirmed the existence of what it is calling the buffer-overrun security bug. The bug allows a malicious Web site author to take advantage of IE 4.0's limited capacity for Web addresses of the "res://" type.

Here's how it works: IE 4.0 can only read a res:// hyperlink address of up to 256 characters. Anything longer than that crashes the browser and causes the remaining characters of the address to go into the computer's memory. A malicious Web site author can make trouble simply by writing hostile code from the 257th character of the res:// address.
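The length check that closes this class of bug, as an added example (not Microsoft's code and not from the original story): an unchecked copy beside a bounded one. The function names, the filler input and the 256-character buffer sizing are assumptions taken from the limit described above.

```c
#include <stdio.h>
#include <string.h>

#define RES_URL_MAX 256   /* limit the article cites for res:// addresses */

/* Unsafe pattern: no length check, so characters beyond the buffer
 * are written over whatever sits next to it in memory. */
void store_url_unchecked(char *dst, const char *url)
{
    strcpy(dst, url);
}

/* Hardened form: accept only res:// addresses that fit in dst together
 * with the terminating NUL. Returns 0 on success, -1 on rejection. */
int store_url_checked(char *dst, size_t dst_size, const char *url)
{
    size_t len;
    if (dst == NULL || url == NULL || dst_size == 0) return -1;
    if (strncmp(url, "res://", 6) != 0) return -1;
    len = strlen(url);
    if (len >= dst_size) {       /* too long: reject, never truncate */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, url, len + 1);
    return 0;
}

/* Constructed input: "res://" padded with filler to n characters. */
int try_length(size_t n)
{
    char url[1024];
    char buf[RES_URL_MAX + 1];   /* 256 characters plus NUL */
    if (n < 6 || n >= sizeof url) return -1;
    memcpy(url, "res://", 6);
    memset(url + 6, 'A', n - 6);
    url[n] = '\0';
    return store_url_checked(buf, sizeof buf, url);
}

int main(void)
{
    printf("256 chars: %d\n", try_length(256));
    printf("257 chars: %d\n", try_length(257));
    return 0;
}
```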

News of the bug was posted Monday to the advisory page of L0pht Heavy Industries.

"This is a very obscure bug," IE 4.0 group product manager David Fester said. "So far, no site has reported any damage, and no user has reported any damage."

Only people using Windows 95 and IE 4.0 are at risk, according to Fester. The fix is posted to the Microsoft IE security page.

 
