Buffer-overflow bug in IE

By Paul Festa
Staff Writer, CNET News

Print
E-mail
Share

Related Stories: Student finds AOL bug
February 24, 1998; JavaScript bug in Navigator 4.04
January 20, 1998; IE 4 has hyperlink bug
November 12, 1997

Microsoft is urging users of its Internet Explorer browser to download a patch for a newly discovered buffer-overflow security bug.

The bug takes advantage of the way some versions of the IE browser handle long strings of JScript code.

JScript is a Microsoft scripting language similar to the JavaScript language created by Netscape Communications. The scripting languages, which are unrelated to the Java programming language, are used to create things like pop-up windows and forms on Web pages.

The bug patched yesterday resembles another IE buffer overflow problem reported last year.

In both instances, the bug allows a malicious programmer to take advantage of the way the browser reads a long URL, or, in this case, a long string of JScript code. After the maximum number of characters expected on a string is exceeded, the browser crashes, and the remaining characters--potentially comprising malicious code--go into memory, where they may be executed.

In the case of the previous buffer overflow problem, URLs of the type "res://"--which linked to local resources rather than remote Web pages--would max out after 256 characters, letting malicious programmers write from the 257th character.

In the case of the JScript buffer overflow bug, Microsoft is not disclosing the character limit.

"We know, but don't want to let that information out," said Karan Khanna, product manager for Windows NT security.

Khanna stressed that the bug could not manifest itself as a matter of chance, and that a victim would have to visit a site where the code was deliberately entered. He also noted that Microsoft is not alone in battling the buffer overrun menace.

"This happens on many applications and operating systems," he said. "What we're trying to do is to educate developers about safe coding practices, about taking more care in how they handle strings."

Microsoft has recommended that users unable to download the patch disable active scripting in the "Untrusted" and "Internet" zones under Internet Explorer security preferences.

The problem affects IE 4.0 and 4.01 running on Windows 95, 98, and NT 4.0.

Add a Comment (Log in or register) 1 comment

also in IE 7
by sachxn February 19, 2008 10:18 PM PST: I found this same bug in IE7 with no clue how to make it work.

Sachin; Reply to this comment

Latest tech news headlines

Visualizing Facebook from outer space
Posted in Webware by Dan Farber

November 23, 2008 4:57 AM PST
YouTube lives it up
Posted in News - Digital Media by Natalie Weinstein

November 22, 2008 9:36 PM PST
Blogging from 25,000 feet
Posted in News - Wireless by Kent German

November 22, 2008 4:39 PM PST
See all headlines

Resource center from CNET News sponsors

Business. Ready.

Sony VAIO® Professional PCs.

A new grade in mobility demands a new kind of notebook. And Sony delivers.Tough, portable and featuring up to 7.5 hours of battery life! VAIO® Professional notebooks are built for business. Learn more.

Built tough for business.

Learn more about the rigorous quality testing Sony puts its notebooks through.

Protect your investment.

Find out why VAIO® tech support recently won a Laptop Editors' Choice Award, July 2008.

Long battery life.

Up to 7.5 hours of battery life! See how VAIO® PCs will keep you productive longer when on the road.

Travel light

Check out our ultraportable line-up, starting at 2.87 lbs.

PCs for every need.

Find out which VAIO® notebook is right for you.

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Dow Jones Industrials (6.54%) 494.13 8,046.42; S&P 500 (6.32%) 47.59 800.03; NASDAQ (5.18%) 68.23 1,384.35; CNET TECH (5.95%) 56.25 1,002.00

Inside CNET News

Scroll Left Scroll Right

Business Tech
2 engineers sentenced for espionage
Case goes back to 2001 when the men, who had worked at Sun, Transmeta, NEC, and Trident, were trying to smuggle chip design documents out of the U.S. and into China.
Gallery
Photos: Gadgets we're thankful for, Part 1
Negative Approach
Google gunning for IE with Chrome OEM deals
Search giant is ready to take on Microsoft's browser with OEM deals to increase Chrome's availability.
Outside the Lines
Lifestreaming in Obamaland
The technologies that helped Obama reach the White House are going to make the president-elect's life more transparent and scrutinized than any previous White House occupant.
Video
The BlackBerry Storm touches down
Digital Media
YouTube lives it up
Video-sharing site offers its first live stream of an event--one designed to celebrate itself and many of the most popular performers on the site.
Video
SF Bay Area plugs in
Politics and Law
The key to innovation: Privately owned fiber?
A paper released by the New America Foundation proposes encouraging consumers to purchase their own fiber lines.
Cutting Edge
Water ice glaciers spotted on Mars
NASA scientists find what they believe are huge water ice glaciers sitting just beneath the Martian surface.
Gallery
Photos: Top-rated reviews of the week
Webware
Visualizing Facebook from outer space
Some Facebook engineers came up with a visualization of user activity by the social network's 120 million users across the planet.
Green Tech
Google crunches numbers on clean-energy policy
Search giant pressures policy makers with an analysis arguing that government and business can clean the U.S. energy supply while stimulating the economy.