kronas
04-11-2004, 00:07
security firm secunia has noted a security hole in microsofts internet explorer 6 for windows xp and 2003 that requires 'no user interaction' for the vulnerability to be sucessfully exploited.
A boundary error in the handling of certain attributes in the IFRAME HTML tag is the cause of the vulnerability, Secunia has reported.
This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the tag. Successful exploitation of the error allows execution of arbitrary code
MS has so far not issued a patch.
source: yahoo news
http://story.news.yahoo.com/news?tmpl=story2&u=/nf/20041103/tc_nf/28105
A boundary error in the handling of certain attributes in the IFRAME HTML tag is the cause of the vulnerability, Secunia has reported.
This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the tag. Successful exploitation of the error allows execution of arbitrary code
MS has so far not issued a patch.
source: yahoo news
http://story.news.yahoo.com/news?tmpl=story2&u=/nf/20041103/tc_nf/28105