Microsoft is investigating
a newly
reported flaw in Internet Explorer 6 that could cause the browser to crash
when viewing a malicious Web page, the company said Monday. The flaw can be
exploited by an attacker to crash IE, Secunia said in an
advisory
published Monday. The vulnerability is caused due to an array boundary error in
the handling of HTML tags with multiple event handlers. This can be exploited to
crash a vulnerable browser via a HTML tag with 94 or more event handlers. The
weakness has been confirmed on a fully patched system with Internet Explorer 6.0
and Microsoft Windows XP SP2.