New MSIE 0-day is related to CSS attribute

Exploit code for the Internet Explorer CSS Attribute Denial of Service Vulnerability was released yesterday. The behavior of the code is interesting:

When the “position” CSS attribute is set on an HTML table, only hovering the cursor over the malformed table triggers the flaw.
I’m not linking to the code. Reportedly MSIE 6.0.2900 SP2 is affected. Microsoft is aware of the issue.
However, if there are upcoming security advisories via mailing lists, I will update this entry.

But the most interesting point is the future severity level. According to Microsoft, a vulnerability is Critical if no user interaction is needed to exploit the flaw. Is moving the mouse pointer user activity?

  • Sid

    I’d say that in the context moving the mouse is a perfectly normal user input and the flaw should therefore be critical.

  • xyberpix

    Any timelines on this one? Namely when was MS notified?

  • Juha-Matti

    I have no information about the disclosure timeline and who first informed Microsoft.

  • Luke

    IE7 BETA2 is not affected.

  • Luke

    It’s a stupid bug. You have only a crash of the browser. IE7 BETA2 is not affected

  • duke
  • Dragonetes

    The impact is a DoS, so this problem should be rated Medium (according to some Risk Assessment I work with).
    IE7 Beta2 is not affected, but I don’t care (it’s a beta product!)
    When I read this post at 11am (GMT+1), the only related thing found was the exploit itself on the milw0rm site (see above entry), but nothing more anyway…
    I’ve found now another interesting site focused on CSS problems with IE (

    Have a good day!

  • Matthew Murphy

    If it’s only a crash, it’s not even a vulnerability, let alone a critical one.

  • Jake Middleton

    Can someone with IE7 check out this page and let me know if it crashes?

    This is a CSS error I’ve been playing with. I’ve notified a number of groups (securiteam, FRSirt), but no response.

    Feel free to explore this with FF or lynx first.


  • Sid

    It causes both IE6 and IE7 beta 2 build 5296 to crash.

  • david

    IE7 BETA2 build is NOT 5296, but it’s 5346 that’s NOT vulnerable

  • Sid

    Ok fine, my build is vulnerable. Beta 2 isn’t.

  • digi7al64

    7.0.5335.5 is also vuln.