A story on eWeek.com yesterday reported that independent security researcher Tom Ferris had discovered and pinpointed a denial-of-service flaw in Microsoft’s Internet Explorer (IE) 7 Beta 2 Preview.
Ferris, known online as “badpack3t,” found the flaw just moments after installing the new, security-centric browser. Specially crafted HTML could crash IE7 because “urlmon.dll” did not properly parse the “file://” protocol, eWeek reported.
“I’ve confirmed a denial-of-service at this point, but I’m sure someone malicious could research this some more to control memory at some point to cause code execution,” Ferris told eWeek.
A screenshot proving the browser crash and a proof-of-concept demonstration are posted on the SecurityFocus site.
For more on IE7 Beta 2 Preview’s release, read “Microsoft Releases Internet Explorer 7 Beta.”
-Al Sacco