Vulnerability Note VU#842160
Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements
Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE.
It appears that this vulnerability was discovered using the mangleme tool.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker could execute arbitrary code with the privileges of the user. The attacker could also cause IE (or the program using the WebBrowser control) to crash.
Apply a Patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||03 Nov 2004|
CVSS Metrics (Learn More)
This vulnerability was publicly reported by ned and SkyLined.
This document was written by Art Manion.
- CVE IDs: CAN-2004-1050
- Date Public: 02 Nov 2004
- Date First Published: 03 Nov 2004
- Date Last Updated: 10 Dec 2004
- Severity Metric: 63.79
- Document Revision: 40
If you have feedback, comments, or additional information about this vulnerability, please send us email.