Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability

2006-08-08T00:00:00
ID ZDI-06-026
Type zdi
Reporter Sam Thomas
Modified 2006-06-22T00:00:00

Description

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple "imports" are used on a "styleSheets" collection. Crafting a long chain of CSS imports in an HTML document results in a memory corruption eventually leading to code execution.