Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Unicode character set contains more than 96,000 characters. Because of this, Unicode can be used to represent a wide range of languages.
By convincing a user to view a specially crafted HTML document (e.g., a web page, an HTML email message, or an email attachment), an attacker could execute arbitrary code with the privileges of the user. The attacker could also cause IE (or the program using the MSHTML component) to crash.
Apply an update
Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, thanks Tippingpoint for reporting this issue.
This document was written by Will Dormann.
|Date First Published:||2006-06-13|
|Date Last Updated:||2006-06-13 18:58 UTC|