Buffer overflow in Internet Explorer urlmon.dll

Causes a denial-of-service (crash) and can allow remote access.

A heap-based buffer overflow vulnerability in urlmon.dll remains exploitable even if you applied the Microsoft Security Bulletin MS2006-042 patch on or before September 12, 2006. Despite the Microsoft patch, malicious users could still cause a denial of service or execute arbitrary code via a long URL. This is the result of an incomplete fix for CVE-2006-3869. Applying the reissued patch after September 12, 2006 should resolve the problem.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

