Buffer overflow in Internet Explorer 6

Flaw within cumulative IE patch MS06-042 from Microsoft triggers IE 6 to crash

When Microsoft issues a cumulative patch for Internet Explorer on Windows 2000 and XP SP1, you'd expect the patch to solve problems. In the case of MS06-042, however, the patch actually caused problems for some users accessing Web sites with HTTP 1.1 compression, in particular, some version of PeopleSoft online applications. When a fully patched Internet Explorer 6 browser attempted to contact such a site, the browser crashed, causing a denial-of-service (DoS) attack. However, once the problem became public, it was possible for criminal hackers to craft specially designed Web sites that could also crash the browser and or execute malicious code via a long URL. Users of Windows XP SP2 were not affected.

On August 24, 2006, Microsoft reissued patch MS06-042. If you do not have Automatic Updates enabled, you should download this reissued patch today.

Additional Resources:

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.


    Discuss Buffer overflow in Internet Explorer 6

    Conversation powered by Livefyre

    Show Comments Hide Comments