Buffer overflow in Internet Explorer 6
When Microsoft issues a cumulative patch for Internet Explorer on Windows 2000 and XP SP1, you'd expect the patch to solve problems. In the case of MS06-042, however, the patch actually caused problems for some users accessing Web sites with HTTP 1.1 compression, in particular, some version of PeopleSoft online applications. When a fully patched Internet Explorer 6 browser attempted to contact such a site, the browser crashed, causing a denial-of-service (DoS) attack. However, once the problem became public, it was possible for criminal hackers to craft specially designed Web sites that could also crash the browser and or execute malicious code via a long URL. Users of Windows XP SP2 were not affected.
On August 24, 2006, Microsoft reissued patch MS06-042. If you do not have Automatic Updates enabled, you should download this reissued patch today.
Additional Resources:
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
