Reported December 1, 2004, by Microsoft
VERSIONS AFFECTED
|
DESCRIPTION
A vulnerability exists in Microsoft Internet Explorer (IE) that could result in
the execution of arbitrary code on the vulnerable system. Heap-based buffer
overflow in IE 6.0 allows remote attackers to execute arbitrary code via long
SRC or NAME attributes in IFRAME, FRAME, and EMBED elements.
VENDOR RESPONSE
Microsoft has released Security
Bulletin MS04-040, "Cumulative Security Update for Internet
Explorer (889293)," to address this vulnerability and recommends that
affected users immediately apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by Microsoft.
0 comments
Hide comments