11/5/2004

Extremely critical flaw discovered in IE

Filed under: — Aviran Mordo @ 6:57 am

A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused by a boundary error in the handling of certain attributes in the <iframe> HTML tag. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the “SRC” and “NAME” attributes of the <iframe> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated “Extremely critical” as a working exploit has been published on public mailing lists.

The vulnerability does not affect systems running Windows XP with SP2 installed.
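
For systems that cannot move to SP2 yet, HTML can be screened at a proxy or mail gateway for the pattern described above. The following is an added example, not code from the advisory or from any vendor: it flags <iframe> tags whose SRC or NAME value is unusually long. The 512-character threshold, the function names and the sample document are assumptions, since the advisory does not state a length.

```python
from html.parser import HTMLParser

# Assumed threshold: the advisory gives no length, so 512 characters is a
# placeholder well above ordinary frame names and most URLs. Tune per site.
MAX_ATTR_LEN = 512
WATCHED_ATTRS = {"src", "name"}  # the two attributes named in the advisory


class IframeAttrScanner(HTMLParser):
    """Collects <iframe> tags whose SRC or NAME value exceeds max_len."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []  # tuples of (line, column, attribute, length)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...>
        # is matched as well. Self-closing tags are routed here too.
        if tag != "iframe":
            return
        line, col = self.getpos()  # position of the tag's opening '<'
        for name, value in attrs:
            if name in WATCHED_ATTRS and value and len(value) > self.max_len:
                self.findings.append((line, col, name, len(value)))


def scan_html(document, max_len=MAX_ATTR_LEN):
    """Return a list of (line, column, attribute, length) findings."""
    scanner = IframeAttrScanner(max_len)
    scanner.feed(document)
    scanner.close()
    return scanner.findings


# Constructed sample input: one ordinary iframe and one with oversized
# filler values (plain repeated letters, no payload).
SAMPLE = (
    "<html><body>\n"
    '<iframe src="http://example.com/ad.html" name="ad"></iframe>\n'
    '<IFRAME SRC="http://example.com/' + "a" * 2000 + '" '
    'NAME="' + "b" * 1500 + '"></IFRAME>\n'
    "</body></html>"
)

if __name__ == "__main__":
    for line, col, attr, length in scan_html(SAMPLE):
        print(f"line {line} col {col}: iframe {attr} is {length} chars")
```

A static scan like this does not see iframes that a script builds at runtime, so it supplements patching rather than replacing it.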

 
