IE Bugs

Now many have emailed me recently asking me whether Firefox is good to abandon, ever since i posted the firefox vulnerability. Well, my proposition is simple. Firefox has had "some" vulnerabilities and well theyre fixed at this point in time. However if youre thinking of going back to the big bad IE, then think again.

For all those who emailed me, here is a taste of what IE still holds for you *smile*.

Description:
There is a bug in Microsoft Internet Explorer, which causes a crash in
NTDLL.DLL.

This occurs, due to Microsoft Internet Explorer's inability to handle many stack overflows.Typically this happens when there is 110 or more stack overflows.

On Windoze 98 *smile* you will get an error in KERNEL32.DLL.

Affected software:
Big Bad IE

Workaround:
Deactivate "Active Scripting" in the IE options menu.

PoC exploit available here .



Date of discovery:
17. August 2003, Yes guys .. note the date !

Tested software:
Microsoft Internet Explorer 6 SP2 on a fully patched Windows XP SP2 system.

DLL versions:
MSHTML.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
BROWSEUI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHDOCVW.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
SHLWAPI.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
URLMON.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)
WININET.DLL: 6.00.2900.2627 (xpsp_sp2_gdr.050309-1648)

So there you have it !

Made your choice yet ?

*smile*

For now , Im gonna make myself a cuppa tea and enjoy surfing on Mozilla's Firefox !