Even more dangerous than the first

Mar 23, 2006 13:35 GMT

Not long after the discovery of a bug which allows attackers to crash Microsoft's browser, still the most used browsing solution, Secunia announced a new IE vulnerability which can be used to compromise a user's computer.

According to the security company, the vulnerability is caused by an error in the processing of the "createTextRange()" method call applied to a radio button control. A malicious web site, for example, can exploit this to corrupt memory in a way which allows the program flow to be redirected to the heap.

Secunia warns that the vulnerability affects Internet Explorer 6 running on a fully patched Windows XP and the January Internet Explorer 7 Beta 2 Preview.

MSRC (Microsoft Security Response Center) said that Microsoft's engineers are aware of the vulnerability and that they are working on a security update. Meanwhile, users are advised to disable Active Scripting, which prevents exploitation.
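
To check whether this workaround is in place on a Windows machine, the following added example (not from the article, Secunia or Microsoft) reads the Active Scripting setting for each Internet Explorer security zone from the registry. It assumes the standard zone layout, in which the value named `1400` holds the Active Scripting action and the data `3` means disabled; the function name `Get-ActiveScriptingSetting` is made up for this example.

```powershell
# Added example: audit the Active Scripting action (registry value "1400")
# for each Internet Explorer security zone.
# Data values: 0 = Enabled, 1 = Prompt, 3 = Disabled.
$zones   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Every location where the setting can be stored; each one found is reported.
$roots = [ordered]@{
    'HKLM policy'  = "HKLM:\Software\Policies\$suffix"
    'HKCU policy'  = "HKCU:\Software\Policies\$suffix"
    'HKCU user'    = "HKCU:\Software\$suffix"
    'HKLM machine' = "HKLM:\Software\$suffix"
}

function Get-ActiveScriptingSetting {
    foreach ($source in $roots.Keys) {
        foreach ($zone in ($zones.Keys | Sort-Object)) {
            $key  = Join-Path $roots[$source] "$zone"
            $item = Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # key or value not present here

            $value = [int]$item.'1400'
            [pscustomobject]@{
                Source            = $source
                Zone              = $zones[$zone]
                Value             = $value
                Setting           = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { 'Unknown' }
                MitigationApplied = ($value -eq 3)
            }
        }
    }
}

# List every configured location, then highlight zones still running script.
$report = @(Get-ActiveScriptingSetting)
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.MitigationApplied } |
    ForEach-Object { Write-Warning "$($_.Zone) zone ($($_.Source)): Active Scripting is $($_.Setting)" }
```

Which location takes effect when several are set depends on the machine's policy configuration, so review every row the script reports rather than only the first.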

The last vulnerability announced for Internet Explorer had its roots in the mshtml.dll library, and it could be triggered by specifying more than a couple thousand script action handlers for any single HTML tag. Due to a programming error, MSIE attempts to write outside the bounds of a memory array.