Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability

2006-12-12T00:00:00
ID ZDI-06-048
Type zdi
Reporter Sam Thomas
Modified 2006-11-09T00:00:00

Description

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

The specific vulnerability exists due to improper handling of the normalize() function. When called in certain circumstances, user-controllable memory can be used to execute arbitrary code.