The Inquirer-Home

Internet Explorer in corruption scandal

Picture of disorder
Tue Jul 19 2005, 08:26
A POLISH security boffin has found that the Microsoft browser IE can be bought to its knees with corrupted JPG files.

Michal Zalewski has been experimenting with random corrupted JPEG and seeing how the various browsers responded. Zalewski has gone on record previously saying that in similar tests using broken HTML mark-ups Vole's IE handled things the best.

However, on the corrupted JPEG test, VoleWare was a doddle to crash and other browsers were much better at handling them, Zalewski said.

Microsoft Internet Explorer can be crashed in potentially exploitable ways quite easily, he said. There are three possible outcomes when a web browser encounters a corrupted image. The browser fails to display the image, it displays as as it can, or it crashes.

Software crashes were a sign that the Volish programmers had not written code that could take corrupted input into account. Many of the crashes were associated with memory corruption, he said.

If a hacker or hackerette were to use corrupted JPGs, he or she could control memory corruption, he or she could then easily alter the program and take over your computer, Zalewski warned.

More on this at the Sydney Morning Herald . µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?