1 WEEK and 4 DAYS AGO:JoneZ wrote about a particular IE vulnerability in his Sept 3
blog. This vulnerability mainly affected Internet Explorer 6 SP1 and some other versions of IE. The proof of concept code, when executed, caused IE to crash as a result of a COM object buffer overflow. From a security perspective, this vulnerability can be utilized as a platform for a denial of service attack.
NOW:We’ve just gotten our hands on a program done by the same author who created the PoC code for the IE exploit. Although it is just a text file containing a source code written in C, when compiled and executed, the program accesses a site (belonging to the PoC code author) and generates an HTML file that contains the same PoC code which causes IE to crash when it is opened using that particular browser. The behavior of the dropped HTML is similar to the one which JoneZ had mentioned in his blog a week ago. The file has been sent to the proper channels for processing. We’ll update you if a solution for this possible threat has been deployed.