Published: May 31 2006 12:00AM
Updated: Jun 01 2006 06:52PM
Credit: Discovered by Mr.Niega <Mr.Niega@gmail.com>.

Microsoft Internet Explorer is susceptible to a remote buffer-overflow vulnerability in 'INETCOMM.DLL'. The application fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer.

Remote attackers may exploit this issue to crash applications that use the affected library. This includes Internet Explorer, Windows Explorer, and possibly others. Remote code execution may also be possible, but this has not been confirmed.

The following examples demonstrate this issue. Note that removing the '.url' file may have to be done through 'cmd.exe', since Windows Explorer may crash when attempting to delete the file.
Examples:
http://www.securityfocus.com/data/vu...its/18198.html
http://www.securityfocus.com/data/vu...oits/18198.url