Unpatched IE problem worse than it appeared
It seems that the problem in Internet Explorer, highlighted here, is much worse than previously thought. eWeek reports : “… the realization [has been made] by the security community that an Internet Explorer problem first identified six months ago [is] a lot worse than it appeared.”
This has led “Secunia to issue a rare ‘Extremely Critical’ advisory. Once thought just to be a DoS vulnerability, it turns out that it also allows execution of arbitrary code.”
Benjamin Tobias Franz figured out the original problem in March of this year, which can be summarized thusly: IE fails to correctly initialize the JavaScript “Window()” function, when used in conjunction with a event. This means that Internet Explorer encounters an exception when trying to call a dereferenced 32-bit address located in ECX.
