Microsoft has confirmed the existence of a critical Internet Explorer flaw that could put millions of IE users at risk of code execution just by visiting a malicious Web site. The flaw was first reported this week by Danish security firm Secunia.

According to the firm's advisory, the flaw exists in how Internet Explorer interprets the "createTextRange()" method used for radio button controls in HTML forms. From there, the flaw can be exploited to allow program flow to be redirected to the heap. When this occurs, the attacker can then exploit the vulnerability to execute code on an affected computer.

Secunia recommends that active scripting support be disabled, an action Microsoft's Security Response Center also suggested. The flaw has been confirmed to exist on a fully patched system with Internet Explorer 6 and Windows XP Service Pack 2. The vulnerability also affects the Beta 2 Preview of Internet Explorer, although the refresh provided at MIX 06 this week is apparently not affected.

News of the flaw came a day after a security researcher discovered another bug in the market-leading browser. That issue, while more of a nuisance than an actual security threat, causes IE to crash when visiting a malicious Web site. The problem is caused by an array boundary error in the handling of HTML tags with multiple event handlers. The vulnerability can be exploited to cause Internet Explorer 6 to crash through a specially crafted HTML tag with 94 or more event handlers.
__________________
Mayer