A newly discovered flaw in Microsoft’s Internet Explorer browser can cause the browser to crash and may expose PCs to another round of nasty Internet hack attacks, security firms said Tuesday.
The vulnerability is caused by a “buffer overflow,” a flaw that has plagued Internet Explorer in the past. In this case, the flaw allows a malicious attacker to flood the browser with garbage data via a malformed HTML tag. The browser lacks allocated memory to handle the flow of unexpected data and responds to the attack by crashing.
Researchers are now investigating whether this flaw can also be used to inject malicious code into computers, which would allow attackers to remotely control or alter the contents of affected computers.
If so, it’s possible that this flaw could allow attack code to enter computers when users simply visit a malicious Web site. There is currently no patch or workaround that can protect users from the fallout.
“A Web browser crash by itself is basically a non-event, a nuisance but not much more,” said Michael Sutton, director of iDefense Labs, a security research company. “The question that needs to be answered is will this vulnerability be found to be exploitable and if so, will public exploit code emerge?”
Sutton said that iDefense researchers have examined the flaw and believe that it is likely exploitable but it’s not clear if the exploit will be reliable as it involves memory corruption.
The flaw was discovered by security researcher Michal Zalewski, a Polish security expert who is the author of “Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks.”
Zalewski posted a report on the latest IE flaw on Bugtraq, a technology news site. Zalewski also released proof-of-concept code so that others could confirm his findings.
A Microsoft spokesman said the company is aware of the “public reports of a possible vulnerability in Internet Explorer” but said there are currently no reports of any attacks using the vulnerability or any customer impact from the flaw.
“Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary,” he said. “Once the investigation is complete, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.”
The spokesperson also stressed that Microsoft would prefer to have heard about the vulnerability via a private communication between the company and the researcher.
According to Zalewski’s research, other browsers, such as Firefox and Opera, are not susceptible to this attack.