Michal Zalewski, the researcher who announced in March an Internet Explorer vulnerability whose exploitation could crash the browser, has some news for Microsoft and the company’s security experts won’t be too pleased with them.

The bug comes not long after Microsoft plugged numerous security holes with the April patches.

Secunia has rated the bug as being “highly critical” (the last but one alert level used by the security company) and has warned that its successful exploitation could compromise a system.

The vulnerability is caused by an error in the processing of certain sequences of nested “object” HTML tags. This can be exploited to corrupt memory by tricking a user into visiting a malicious web site. A successful attempt allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

A Microsoft spokesman was quoted by eWeek as saying that the initial investigation revealed the bug would most likely result in the browser closing unexpectedly or failing to respond. The Redmond company also criticized the researcher for rushing into posting information about it before there was a patch.

In other April patching news, Stephen Toulouse announced yesterday that a new version of the security bulletin MS06-015, which caused some incompatibilities, was ready and that Automatic Update would automatically detect if its installation was necessary.

Source