Secunia has issued a rare “Extremelly Critical” warning for an un-patched IE flaw that was reported over 6 months ago.

Benjamin Tobias Franz figured out the original problem in March of this year, which can be summarized thusly: IE fails to correctly initialize the JavaScript “Window()” function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.

If we execute the following code:
CALL DWORD [ECX+8]
ECX will be populated by the Unicode representation of a text string named “OBJECT”, which translates in hex to 0×006F005B. Because offset 0×006F005B points to an invalid (or non-existent) memory location, Internet Explorer fails to execute the next instruction in the stack and the user sees the application crash. This is why the problem was first classified as a Denial of Service.

Please, just go download Firefox.

Related posts:

Dreamcast 2.0 (Is the XBox 360 really another DC?)
Important Information for Internet Explorer for Mac Users
Future of IE7
Firefox Flaw Makes Password Theft Possible
Sony Discovers flaw in some camera models BUT offer the repairs for free

Hope you like that post!

Forever Geek is a resource for all things geek. You can stay tuned by having the latest FG news delivered to you for free via RSS.