Want CNET to notify you of price drops and the latest stories?

Buffer overflow in Internet Explorer urlmon.dll

Causes a denial-of-service (crash) and can allow remote access.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi

A heap-based buffer overflow vulnerability is still exploitable, even if you applied Microsoft Security Bulletin patch MS2006-042 on or before September 12, 2006. Despite the Microsoft patch, malicious users were still able to cause denial-of-service attacks or execute arbitrary code via a long URL. This is a result of an incomplete fix for CVE-2006-3869. Applying the reissued patch after September 12, 2006 should resolve the problem.

Additional resources: