Buffer overflow in Internet Explorer 6

Flaw within cumulative IE patch MS06-042 from Microsoft triggers IE 6 to crash

When Microsoft issues a cumulative patch for Internet Explorer on Windows 2000 and XP SP1, you'd expect the patch to solve problems. In the case of MS06-042, however, the patch actually caused problems for some users accessing Web sites with HTTP 1.1 compression, in particular, some version of PeopleSoft online applications. When a fully patched Internet Explorer 6 browser attempted to contact such a site, the browser crashed, causing a denial-of-service (DoS) attack. However, once the problem became public, it was possible for criminal hackers to craft specially designed Web sites that could also crash the browser and or execute malicious code via a long URL. Users of Windows XP SP2 were not affected.

On August 24, 2006, Microsoft reissued patch MS06-042. If you do not have Automatic Updates enabled, you should download this reissued patch today.

Additional Resources:

Featured Video
Close
Drag