A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a boundary error in the handling of certain attributes in the <iframe> HTML tag. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the “SRC” and “NAME” attributes of the <iframe> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated “Extremely critical” as a working exploit has been published on public mailing lists.

The vulnerability does not affect systems running Windows XP with SP2 installed.