Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability. A successful exploit may result in arbitrary code execution in the context of the user running the browser. This issue was introduced with the rereleased patches of Microsoft advisory MS06-042. This issue is nearly identical to that discussed in BID 19667 (Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Vulnerability), but is a separate vulnerability.
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run non-administrative software as an unprivileged user with minimal access rights.
Do not follow links provided by unknown or untrusted sources.
An attacker must convince a vulnerable user to view a malicious web page to exploit this issue. Never follow links provided by unknown sources from a critical computer.
Implement multiple redundant layers of security.
Various memory-protection schemes (such as non-executable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.
Microsoft Security Bulletin MS06-042 has been reissued to address this issue. The bulletin has been updated to address a flaw in Mshtml.dll that was introduced in the previous fixes. Please see the referenced advisory for more information.