Internet Explorer Infinite Array Sort Denial Of Service Vulnerability

Microsoft Internet is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs an infinite JavaScript array sort operation. It is conjectured that this will only result in a denial of service and is not further exploitable to execute arbitrary code, though this has not been confirmed.

Vulnerable
Microsoft Internet Explorer 6.0 SP2
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Not vulnerable
Microsoft Internet Explorer Macintosh Edition 5.2.3

The above is discovered by Berend-Jan Wever

http://www.securityfocus.com/bid/11751/discussion/

Leave a Reply