Security tool uncovers multiple bugs in every browser

January 4, 2011 – 6:59 AM
Browser security specialist Michal Zalewski believes that Chinese hackers have long been aware of a security vulnerability in Internet Explorer which has only recently come to public attention. It is believed that this vulnerability could be exploited to infect computers, though current efforts have succeeded only in provoking crashes. The chain of events through which Zalewski found out about the vulnerability, which may have been circulating among Chinese hackers, is interesting.
Zalewski, who works for Google’s security team, reports that he discovered the vulnerability a while ago using his cross_fuzz fuzzing tool and reported it to Microsoft in July 2010. Zalewski also used cross_fuzz to discover bugs in other browsers, which he likewise reported to the relevant vendors. To give developers access to information on the bugs, Zalewski took the practical step of placing the tool and the crash dumps it produced on his server and sending the browser developers a link to the files.
According to Zalewski, however, one developer accidentally posted the link to a bug database, with the result that Google indexed the link along with specific details of the BreakAASpecial and BreakCircularMemoryReferences functions contained in mshtml.dll, both of which contained errors. In late December, Zalewski’s server was visited by a Chinese surfer who had come across the site through Google searches on these two function names.