March 20, 2006 2:28 PM PST

New bug can crash Internet Explorer

Microsoft is investigating a newly reported flaw in Internet Explorer 6 that could cause the browser to crash when viewing a malicious Web page, the company said Monday.

Details of the security weakness in the Web browser were published on a popular security mailing list last week by researcher Michal Zalewski. "This might not come as a surprise, but there appears to be a very interesting and apparently very much exploitable overflow in Microsoft Internet Explorer," he wrote.

The flaw can be exploited by an attacker to crash IE, Secunia said in an advisory published Monday. The vulnerability has been confirmed on a fully patched PC running IE 6 and Windows XP with Service Pack 2, the security monitoring company said. Secunia deems the issue "not critical."

Microsoft is investigating the issue, a company representative said in an e-mailed statement. "At this time, we are not aware of any attacks attempting to use the reported vulnerability," the representative wrote.

Once it completes its inquiry, Microsoft said, it may issue a security advisory or provide a patch through its monthly release process.


72 comments (showing first 20 comments)
I know for a fact..
by OneWithTech March 20, 2006 3:05 PM PST
I've watched it happen in front of me while doing research on
spyware. All of a sudden -- the hard drive goes nuts and CRASH IE
is taken out.

Wake up and buy a Mac!

~Justin
Live.com
by advs89 March 20, 2006 3:44 PM PST
Microsoft's live.com has crashed my browser many times...
IE
by Lee in California March 20, 2006 4:08 PM PST
Do people really still use Internet Explorer??? (unless they are at work and have no choice)

That's weird.
indeed it crashes
by julianrodriguez March 20, 2006 6:28 PM PST
hehehe.... yes... it crashes
Simple, Use Firefox or Opera
by wakizaki March 20, 2006 8:58 PM PST
Why is everybody still entrenched in using Internet Exploder :P Install Mozilla Firefox
or Opera and say goodbye to IE :D
There's really no excuse for this in 2006
by Jackson Cracker March 21, 2006 12:27 AM PST
Buffer overflow is something that has been well known and well understood for decades now.
Microsoft needs to do an investigation to find the programmer(s) responsible,
and work together with other software companies to develop a blacklist so that
incompetents don't just move on to another unsuspecting employer.
What bunk...
by Walt Connery March 21, 2006 4:02 AM PST
When will people wake up and smell the coffee, and stop being such easy dupes? The purpose of this so-called "security advisory" doesn't either enlighten or help a single, solitary soul--except maybe hackers who find their "jobs" (heh...;)) made easier by the process of self-styled "security firms" publishing details surrounding the holes they find.

The obvious answer to why a "security firm" would publish such information, information it deems "non-critical" and information surrounding a hole that has never been exploited by any entity except the "security firm" itself, is that the publication of such information is positive PR for the security firm itself. Outside of self-promotion for the "security firm," this information has no *positive* value whatsoever.

This is akin to Symantec publishing details of a virus that no one has ever contracted, and that no one has ever written before, in the hopes that someone will take this information and write a virus with it so that Symantec could then provide a "cure."

This "security firm" nonsense is a racket, pure and simple. A pity that so few people can see past the length of their own shallow prejudices to see it.
Been there...
by March 21, 2006 4:42 AM PST
...done that. Why am I not surprised by this? I guess it's because we always end up reading stuff about IE's vulnerabilities. Old news!
I appreciate Microsoft's consideration.....
by Earl Benser March 21, 2006 5:35 AM PST
.... by NOT developing any more IE versions from the Mac. To show
my appreciation, I have removed all copies of IE from my PC's too,
as much as IE can be removed from Windows. MS really welded IE
into Windows to beat out Netscape.
MS should stick to games only before they kill someone...wait, they did!
by booboo1243 March 21, 2006 5:53 AM PST
MS should stick to games only before they kill someone as a direct result of poor quality products. Wait a minute, they did already. If you take the one death directly attributed to the blackout of '03, which I believe was caused by major power lines failing. The people tasked to monitoring those failing lines did not know there were issues developing, because the systems used were down due to a Microsoft virus. If it wasn't for the Blaster worm the blackout that cost millions of dollars ...maybe a billion? ...probably never would have happened.
Facts? Here are some facts...
by booboo1243 March 21, 2006 7:31 AM PST
The *nix systems are being phased out for SCATA based systems, which all too often are being controlled by Windows virus based systems.

There were key PCs tasked to monitoring only, that were infected with viruses while the "host of other issues" were playing out. Trees take down power lines all the time, are you telling me the blackout of '03 was the only instance where trees took down lines? It was because of Microsoft infected devices tasked to monitoring this event failing, that action was not taken in a timely matter that may have prevented the blackout. That's where those of us not being paid off point fingers, with untainted common sense.
This bug
by Charleston Charge March 21, 2006 8:15 AM PST
is not out in the wild AND it requires user interaction. It seems to me that if this same story was for the Mac everyone would be crying out FUD. I'm a Firefox and Opera user myself but it's just kind of amusing how one sided some of these posts tend to be.
Just DO IT and stop griping about it
by Seaspray0 March 21, 2006 8:48 AM PST
If you don't like it, then wipe all Microsoft software from your computer and install something else. There are alternatives available and you do have a choice. If you are using something else, then you have no reason to vent your stupid complaining because you are not affected.

So why is it that almost all the complaining is from people who don't even use Microsoft software? Oh, come on... you're so easy to spot... "M$, Micro$oft, Windoze, Just another example, etc, etc, etc." You have no right to complain; YOU DON'T EVEN USE IT.

I've had about enough from you MAC boys and Linux groupies. I'm not talking about everyone who uses Linux or MAC. Nope, just those of you who have nothing better to do with your pathetic, useless life than constantly complain about an OS you don't even use. Don't like my post? Byte me!
How Long Will it Take To Fix?
by March 21, 2006 11:32 AM PST
Isn't the real question how long will it take for Microsoft to fix this vulnerability? Even tho this is not out in the wild they should be proactive and fix it!
Exactly which part
by sylhyntm March 21, 2006 1:50 PM PST
of the English language do you not understand?

I kinda thought I made it pretty clear that I was nearly exhausted and got ahead of myself - forgetting to go back and re-read before posting. Had I, I would have corrected that first part to read so that it was clear that the Tabbrowsing did exist on IE (NOW, like after it had long been a feature in Mozilla projects - same as RSS feeds and anti-pop-up and phishing features) Features that mysteriously didn't appear in IE until they began to see some market erosion.

So - can you write an add-on to IE that enables even more flexibility to the Tabs? Probably not.
Can you write a feature to add enormous functionality in other parts of IE - no - you probably cannot.

By the way - can you remember the original instruction set for the 4086 processor - you know - the one that preceded the 8086 that was originally used in the first IBM PC's?

Yeah, I probably have forgotten more advanced programming techniques from the previous generations than you have mastered in the current.

Do you also have any in depth analog computing experience behind you? How about computers that don't even use electricity (like the pneumatic/hydraulic forced balance analogs I was responsible for on the USS Ranger)?

30 years and then some - but ONLY 30 as a recognized professional. The earlier work only got me statewide recognition in Ohio - and numerous scholarship offers while I was still in high school. Doing stuff like operational amplifier research and early gated logic circuits.
THIS is NEWS?
by dlmeyer March 21, 2006 10:14 PM PST
I'm a Mac guy. I'm a Mac guy in part because I'd rather not deal
with Microsoft's standard of 'excellence' unless I'm paid for the
effort. I firmly believe things about Microsoft that could get me
sued for slander or libel or some such.

Know where I'm coming from? OK. I'm telling you that this is not
a big deal. The bug allows a remote site to crash your browser.
While that is more of a disaster than has been successfully
visited on many Mac users, this is worth an uproar because ...? It
could annoy you by closing your other tabs ... oh, does IE have
those yet? It's no big deal! You restart IE and don't return to that
site ... and just what will you tell your wife or boss you were
doing there anyway?

Please ... even an enemy of the Evil Empire can't get roused over
this one.