Un-patched IE Flaw Worse Than Expected

Secunia has issued a rare “Extremelly Critical” warning for an un-patched IE flaw that was reported over 6 months ago.

Benjamin Tobias Franz figured out the original problem in March of this year, which can be summarized thusly: IE fails to correctly initialize the JavaScript “Window()” function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.

If we execute the following code:
CALL DWORD [ECX+8]
ECX will be populated by the Unicode representation of a text string named “OBJECT”, which translates in hex to 0x006F005B. Because offset 0x006F005B points to an invalid (or non-existent) memory location, Internet Explorer fails to execute the next instruction in the stack and the user sees the application crash. This is why the problem was first classified as a Denial of Service.

Please, just go download Firefox.

Have something to tell us about this article?
Let us know

or Comment Below

Gaming Trailers

More Like This
Valkyrie Elysium | Launch Trailer
Latest Trailers
Digimon Survive | Gameplay Trailer

Got a tip?

Let us know