Internet Explorer ‘javaprxy.dll’ COM Object Exception Handling Lets Remote Users Crash the Browser

A vulnerability in ‘javaprxy.dll’ was reported in Microsoft Internet Explorer. A remote user can cause the target user’s browser to crash or potentially execute arbitrary code. A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow in ‘javaprxy.dll’ and cause the target user’s browser to crash. Specially crafted object tags can cause certain COM components to crash. It may be possible to overwrite a function pointer to execute arbitrary code. However, the vendor could not reproduce a function pointer overwrite.
