Giorgius
03-11-2004, 10.34.39
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the handling of certain attributes in the <IFRAME> HTML tag. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).
NOTE: This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists.
Leggi: http://secunia.com/advisories/12959/
The vulnerability is caused due to a boundary error in the handling of certain attributes in the <IFRAME> HTML tag. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).
NOTE: This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists.
Leggi: http://secunia.com/advisories/12959/