Google’s Project Zero reveals another Microsoft flaw

Google’s Project Zero has revealed a bug in Microsoft’s Internet Explorer and Edge browsers.

First turned up on November 25, the bug offers evildoers a technique that would let a malicious web site crash a visitor’s browser as the main course, with code execution as the dessert.

Detailed here, the bug works by attacking a type confusion in HandleColumnBreak

OnColumnSpanningElement
.

A 17-line proof-of-concept crashes that process, with a focus on two variables rcx and rax.

“An attacker can affect rax by modifying table properties such as border-spacing and the width of the first th element,” Project Zero’s post states – so the crafted Web page just needs to point rax to memory they control.

The issue was published at the end of Project Zero’s 90-day disclosure deadline, and it remains unpatched.

Earlier this month, Redmond delayed February’s Patch Tuesday, but last week it managed to emit a bunch of fixes for Adobe Flash. ®

Source: The Register – Security @ February 26, 2017 at 05:27PM

0
Share