Want CNET to notify you of price drops and the latest stories?
X
WWDC: Everything We ExpectRemote Working in ParadiseBest Mineral SunscreensBest Solar CompaniesCNET CouponsMeal Subscription vs. TakeoutBest Satellite Internet ProvidersCurrent Mortgage Rates
Buffer overflow in Internet Explorer urlmon.dll
Causes a denial-of-service (crash) and can allow remote access.
Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
A heap-based buffer overflow vulnerability is still exploitable, even if you applied Microsoft Security Bulletin patch MS2006-042 on or before September 12, 2006. Despite the Microsoft patch, malicious users were still able to cause denial-of-service attacks or execute arbitrary code via a long URL. This is a result of an incomplete fix for CVE-2006-3869. Applying the reissued patch after September 12, 2006 should resolve the problem.
Additional resources:
- Microsoft: Reissued MS06-042
- eEye Research: AD20060912