Buffer overflow in Internet Explorer 6

Flaw within cumulative IE patch MS06-042 from Microsoft triggers IE 6 to crash

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Jan. 23, 2007 12:47 p.m. PT

When Microsoft issues a cumulative patch for Internet Explorer on Windows 2000 and XP SP1, you'd expect the patch to solve problems. In the case of MS06-042, however, the patch actually caused problems for some users accessing Web sites with HTTP 1.1 compression, in particular, some version of PeopleSoft online applications. When a fully patched Internet Explorer 6 browser attempted to contact such a site, the browser crashed, causing a denial-of-service (DoS) attack. However, once the problem became public, it was possible for criminal hackers to craft specially designed Web sites that could also crash the browser and or execute malicious code via a long URL. Users of Windows XP SP2 were not affected.

On August 24, 2006, Microsoft reissued patch MS06-042. If you do not have Automatic Updates enabled, you should download this reissued patch today.

Additional Resources:

Microsoft info: Technet blog entry 923762
US-CERT: VU#821156

Mobile Guides

Phones

Foldable Phones

Headphones

Mobile Accessories

Smartwatches

Wireless Plans

Mobile coupons