Thread-topic: [SA23655] Internet Explorer Memory Corruption Weakness
> ----------------------------------------------------------------------
>
> TITLE:
> Internet Explorer Memory Corruption Weakness
>
> SECUNIA ADVISORY ID:
> SA23655
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/23655/
>
> CRITICAL:
> Not critical
>
> IMPACT:
> DoS
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 6.x
> http://secunia.com/product/11/
>
> DESCRIPTION:
> Michal Zalewski has discovered a weakness in Internet Explorer, which
> can be exploited by malicious people to cause a DoS (Denial of
> Service).
>
> The weakness is caused due to a race condition when reloading XML
> files in iframes. This can be exploited to corrupt memory via
> specially crafted XML files with nested tags.
>
> Successful exploitation crashes the browser. Execution of arbitrary
> code has not been proven, but cannot be completely ruled out.
>
> NOTE: Secunia normally doesn't classify a browser crash as a
> vulnerability nor issue an advisory about it. However, the potential
> risk of this issue may be more severe than currently believed, which
> justifies an advisory being issued.
>
> The weakness is confirmed on fully patched Microsoft Windows XP SP2
> and Windows 2000 SP4 systems with IE 6.0. Other versions may also be
> affected.
>
> SOLUTION:
> Do not browse untrusted sites.
>
> PROVIDED AND/OR DISCOVERED BY:
> Michal Zalewski
>
> ORIGINAL ADVISORY:
> http://lists.grok.org.uk/pipermail/full-disclosure/2007-Januar
> y/051620.html
>