Well-known researcher and Google employee Michal Zalewski has come across what appears to be an independent discovery of an unpatched Internet Explorer vulnerability by separate researchers in China.
The motives of those researchers are unknown. Zalewski discovered the vulnerability while working on a newly released "fuzzing tool" for Web browsers. Fuzz testing is a form of testing in which the inputs to the program under test are generated by a "fuzzer", based partly on random factors. The aim is to drive the program into unexpected states and see whether it handles error conditions, edge cases, and stress correctly, rather than crashing or misbehaving in an exploitable way.
Zalewski described the tool, named cross_fuzz, as "an amazingly effective but notoriously annoying cross-document DOM binding fuzzer that helped identify about one hundred bugs in all browsers on the market."
The tool's design, which is cruel to the point of torturing a browser's DOM engine, has so much randomness in it that it often makes reproduction of the failures it triggers difficult. Many of the bug reports sent to vendors on the basis of this tool remain too vague to act on, which makes the underlying bugs difficult to fix. Zalewski has released the tool in the hope that community involvement will help make it more useful to developers.
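The two practical problems the article raises, random inputs that cannot be replayed and reports that are too vague to fix, are both addressed by the same harness discipline: generate every case from a logged seed, and shrink a failing case before reporting it. The following is an added example written for this page; it is not cross_fuzz and not code from Zalewski or any vendor. The target is a constructed toy node tree standing in for a DOM engine, with one planted defect (`remove()` leaves a stale `parent` pointer), and the function and class names (`mulberry32`, `ToyNode`, `runCase`, `genOps`, `fuzz`, `minimize`) are assumptions of the example.

```javascript
// Added example (not cross_fuzz, not code from the article): a seeded fuzz
// harness showing how logging the PRNG seed makes a random run replayable and
// how a greedy minimizer turns a long random sequence into a short report.
// The target is a constructed toy node tree standing in for a DOM engine.

// mulberry32: a small deterministic PRNG. Same seed, same operation sequence.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed target with one planted defect: remove() unlinks a node from its
// parent's child list but forgets to clear node.parent, leaving a stale
// back-pointer (the same shape as a dangling reference in a real DOM tree).
class ToyNode {
  constructor(id) { this.id = id; this.parent = null; this.children = []; }
  isAncestorOf(node) {
    for (let p = node.parent; p; p = p.parent) if (p === this) return true;
    return false;
  }
  append(child) {
    if (child === this || child.isAncestorOf(this)) return; // refuse cycles
    if (child.parent) {
      const i = child.parent.children.indexOf(child);
      if (i >= 0) child.parent.children.splice(i, 1);
    }
    child.parent = this;
    this.children.push(child);
  }
  remove() {
    if (!this.parent) return;
    const i = this.parent.children.indexOf(this);
    if (i >= 0) this.parent.children.splice(i, 1);
    // BUG (planted for the example): this.parent = null is missing.
  }
}

// Oracle: every parent pointer must be matched by a child-list entry and vice versa.
function checkInvariant(nodes) {
  for (const n of nodes) {
    if (n.parent && !n.parent.children.includes(n)) {
      return `node ${n.id} points at parent ${n.parent.id} but is not in its child list`;
    }
    for (const c of n.children) {
      if (c.parent !== n) return `node ${n.id} lists child ${c.id} whose parent pointer differs`;
    }
  }
  return null;
}

// Replay a sequence of ops against a fresh pool of nodes; null means no violation.
function runCase(ops, poolSize = 4) {
  const nodes = Array.from({ length: poolSize }, (_, i) => new ToyNode(i));
  for (const [op, a, b] of ops) {
    if (op === 'append') nodes[a].append(nodes[b]);
    else nodes[a].remove();
  }
  return checkInvariant(nodes);
}

// Generate one case from a seed. Recording the seed is what makes it reproducible.
function genOps(seed, count, poolSize = 4) {
  const rand = mulberry32(seed);
  const pick = (n) => Math.floor(rand() * n);
  const ops = [];
  for (let i = 0; i < count; i++) {
    ops.push(rand() < 0.5 ? ['append', pick(poolSize), pick(poolSize)] : ['remove', pick(poolSize)]);
  }
  return ops;
}

// Fuzz loop: return the first failing seed together with its ops and the violation.
function fuzz(startSeed, iterations, opsPerCase = 20) {
  for (let seed = startSeed; seed < startSeed + iterations; seed++) {
    const ops = genOps(seed, opsPerCase);
    const failure = runCase(ops);
    if (failure) return { seed, ops, failure };
  }
  return null;
}

// Greedy one-op-at-a-time minimization: drop an op, keep the drop if the case still fails.
function minimize(ops) {
  let cur = ops.slice();
  for (let changed = true; changed; ) {
    changed = false;
    for (let i = 0; i < cur.length; i++) {
      const cand = cur.slice(0, i).concat(cur.slice(i + 1));
      if (runCase(cand)) { cur = cand; changed = true; break; }
    }
  }
  return cur;
}

const hit = fuzz(1, 500);
if (hit) {
  console.log(`seed ${hit.seed}: ${hit.failure}`);
  console.log('minimized:', JSON.stringify(minimize(hit.ops)));
}
```

Two design points carry over to a real browser fuzzer. First, the only randomness comes from a PRNG whose seed is written into the report, so a vendor can regenerate the exact case instead of receiving a description of a crash nobody can trigger again. Second, the oracle is an explicit invariant check rather than "did it crash", which catches the stale pointer the moment it appears, long before it would turn into a use-after-free in a native engine; the minimizer then reduces the twenty-operation case to the two operations that matter.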
But the tool found several exploitable and fairly well-defined vulnerabilities in Internet Explorer, which Zalewski reported to Microsoft in July. Microsoft acknowledged receipt but did not reply further until just recently, when it asked that the release of the tool be delayed.