Vulnerability Note VU#843771
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code.
The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside the boundary of a buffer, creating a heap overflow condition that may allow remote attackers to execute arbitrary code. To exploit this vulnerability, the attacker would craft a malicious web page and convince the user to visit it, either by clicking on a link in a web page or in an email message.
A remote attacker may be able to execute arbitrary code with the privileges of the user running Internet Explorer.
Apply an update
Microsoft Windows users should use Windows Update to automatically obtain the correct fixes, or apply the relevant patches outlined in Microsoft Security Bulletin MS05-014, described in Microsoft Knowledge Base Article 867282.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||08 Feb 2005||08 Feb 2005|
CVSS Metrics (Learn More)
Thanks to the Microsoft Corporation for reporting this vulnerability, who in turn credit Andreas Sandblad of Secunia for reporting the information.
This document was written by Ken MacInnis based primarily on information provided by the Microsoft Corporation.
- CVE IDs: CAN-2005-0055
- Date Public: 08 Feb 2005
- Date First Published: 08 Feb 2005
- Date Last Updated: 22 Aug 2005
- Severity Metric: 31.87
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.