p2pnet.net News:- Another "Extremely critical" security hole has been found in Microsoft’s Internet Explorer.

It can be exploited by hackers to execute malicious code, says Secunia.

The IFRAME buffer overflow vulnerability was rated "Extremely critical" because a working exploit has alreadyt been published on public mailing lists, says Secunia.

It’s been confirmed in IE 6.0 on Windows XP SP1 (fully patched)and Windows 2000 (fully patched).

"The vulnerability is caused due to a boundary error in the handling of certain attributes in the <IFRAME> HTML tag," states Secunia. "This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the ‘SRC’ and ‘NAME’ attributes of the <IFRAME> tag. Successful exploitation allows execution of arbitrary code."

The solution?

You’re OK if you’re running XP with SP2 installed, says Secunia, otherwise, "Use another product".

The discovery of yet another large hole is distinctly bad news for Microsoft whose IE is losing market share to browsers such as Firefox and Opera.

===================

See:-
malicious code – Internet Explorer IFRAME Buffer Overflow Vulnerability, Secunia, November 4, 2004

This entry was posted on Thursday, November 4th, 2004 at 3:38 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1313 times