NSFOCUS Alert: Microsoft IE 5.0 Memory Corruption Vulnerability
The NSFOCUS Security Team has discovered in a security test that Microsoft IE 5.0 is prone to a memory corruption vulnerability when parsing Cascading Style Sheet (CSS) files.
A boundary error occurs when IE processes specially crafted CSS files, because pointers are not completely checked. This allows a malicious attacker to execute arbitrary code via crafted CSS files. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user and take complete control of the victim system.
The vulnerability can be exploited even if the security level of IE is set to High. Therefore, security professionals from NSFOCUS recommend not visiting untrusted websites.
In light of the critical impact of the vulnerability, NSFOCUS has reported it to Microsoft. The nine latest security advisories, MS07-042 through MS07-050, released in August, include the vulnerability described above (in MS07-045).
See the following URL: http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=45
About NSFOCUS
NSFOCUS is a leading network security vendor in China that is devoted to network and system security research, as well as R&D, sales and service of high-level network security products. NSFOCUS is capable of providing IDS/IPS, remote assessment, DDoS prevention and other advanced products with internationally competitive advantages, and is the most experienced professional security service vendor in China.