Softpedia
 


January 31st, 2007, 07:48 GMT · By

The First Security Vulnerability in Internet Explorer 7


Various versions of Internet Explorer, including IE7 for Windows XP SP2 and the browser integrated into Windows Vista, are vulnerable to exploits targeting a zero-day flaw. Microsoft has confirmed the existence of the Internet Explorer ActiveX bgColor Property Denial of Service vulnerability reported by Determina Security Research.

"We have confirmed that this issue can be used to cause the instance of Internet Explorer to exit when viewing the specially crafted Web page. We have confirmed that there is no possibility to use the bug to do anything beyond that, e.g. execute code. As such it is more along the lines of a stability issue and would be treated along similar issues reported into Microsoft using the Online Crash Analysis system," stated a Microsoft representative.

According to Determina, besides Internet Explorer 7 in Windows XP and Vista, prior versions 5 and 6 of the browser are also affected. "Determina Security Research has discovered a denial of service vulnerability in multiple ActiveX controls included in Internet Explorer. This vulnerability can be exploited by a malicious web page and results in a termination of the Internet Explorer process. Our analysis indicates that remote code execution is unlikely. The vulnerable ActiveX controls are installed by default with all versions of Internet Explorer on Windows 2000, XP, 2003 and Vista," revealed Determina.

Determina has even made available the proof of concept, an HTML file that triggers the vulnerability. Additionally, Determina has warned users of IE 5 and 6 that they are more exposed to the vulnerability, because exploiting the flaw in those browser versions does not require user interaction.

The vulnerability has been identified with the help of a fuzzer (a fault injector program) designed to instantiate and enumerate the properties of the ActiveX controls on the system.

