Google's Project Zero reveals another Microsoft flaw

Edge, IE can find themselves running unexpected code if cooked by a malicious site

By Richard Chirgwin

Google's Project Zero has revealed a bug in Microsoft's Internet Explorer and Edge browsers.

First turned up on November 25, the bug offers evildoers a technique that would let a malicious web site crash a visitor's browser as the main course, with code execution as the dessert.

Detailed here, the bug works by attacking a type confusion in HandleColumnBreakOnColumnSpanningElement.

A 17-line proof-of-concept crashes that process, with a focus on two variables, rcx and rax.

“An attacker can affect rax by modifying table properties such as border-spacing and the width of the first th element,” Project Zero's post states – so the crafted Web page just needs to point rax to memory they control.

The issue was published at the end of Project Zero's 90-day disclosure deadline, and it remains unpatched.

Earlier this month, Redmond delayed February's Patch Tuesday, but last week it managed to emit a bunch of fixes for Adobe Flash. ®
