Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability

ID ZDI-06-048
Type zdi
Reporter Sam Thomas
Modified 2006-11-09T00:00:00


This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific vulnerability exists due to improper handling of the normalize() function. When the function is called in certain circumstances, user-controllable memory can be used to execute arbitrary code.