Internet Explorer in corruption scandal

Picture of disorder

By Nick Farrell

Tue Jul 19 2005, 08:26

A POLISH security boffin has found that the Microsoft browser IE can be bought to its knees with corrupted JPG files.

Michal Zalewski has been experimenting with random corrupted JPEG and seeing how the various browsers responded. Zalewski has gone on record previously saying that in similar tests using broken HTML mark-ups Vole's IE handled things the best.

However, on the corrupted JPEG test, VoleWare was a doddle to crash and other browsers were much better at handling them, Zalewski said.

Microsoft Internet Explorer can be crashed in potentially exploitable ways quite easily, he said. There are three possible outcomes when a web browser encounters a corrupted image. The browser fails to display the image, it displays as as it can, or it crashes.

Software crashes were a sign that the Volish programmers had not written code that could take corrupted input into account. Many of the crashes were associated with memory corruption, he said.

If a hacker or hackerette were to use corrupted JPGs, he or she could control memory corruption, he or she could then easily alter the program and take over your computer, Zalewski warned.

More on this at the Sydney Morning Herald . µ

Grindr dating app gets hacked Schoolboy security error Monday, 23 January 2012, 10:22 AM Read more	Apple gets Samsung tablet banned for another week Australian ructions keeping hardware out of stores Friday, 2 December 2011, 09:21 AM Read more
Browser plug-ins, social networks, HTML iframes top Q3 security threats Latest report exposes major internet risks Wednesday, 23 November 2011, 17:55 PM Read more	Anonymous and Lulzsec take on the heavens The Sun, NATO and others go down under low orbit ion cannon fire Friday, 22 July 2011, 15:35 PM Read more
$5,000 of bounties are offered in Metasploit exploit race Google Chrome evades exploiters' attempts Thursday, 16 June 2011, 11:58 AM Read more	Microsoft predicts the demise of tablets Between a rock and a hard place Wednesday, 30 March 2011, 15:45 PM Read more

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

IT Security Specialist Mov

IT Security Specialist Move...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Internet Explorer in corruption scandal

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review