Google's Project Zero reveals another Microsoft flaw
Edge, IE can find themselves running unexpected code if cooked by a malicious site
Google's Project Zero has revealed a bug in Microsoft's Internet Explorer and Edge browsers.
First turned up on November 25, the bug offers evildoers a technique that would let a malicious web site crash a visitor's browser as the main course, with code execution as the dessert.
Detailed here, the bug works by attacking a type confusion in HandleColumnBreakOnColumnSpanningElement.
A 17-line proof-of-concept crashes that process, with a focus on two variables rcx and rax.
“An attacker can affect rax by modifying table properties such as border-spacing and the width of the first th element,” Project Zero's post states – so the crafted Web page just needs to point rax to memory they control.
The issue was published at the end of Project Zero's 90-day disclosure deadline, and it remains unpatched.
Earlier this month, Redmond delayed February's Patch Tuesday, but last week it managed to emit a bunch of fixes for Adobe Flash. ®