• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Openwares.org Internet Explorer Patch Buffer Overflow Vulnerability

It has been reported that the Internet Explorer patch supplied by Openwares.org for the Multiple Browser URI Display Obfuscation Weakness (BID 9182) may be prone to a buffer overflow condition that may allow an attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. The condition is present due to insufficient boundary checking. The problem is reported to exist in the BeforeNavigateEvent() function of IETray.cpp module. This may also cause a denial of service condition in Internet Explorer.