A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code.
Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages. According to Microsoft Security Bulletin MS06-067:
When Internet Explorer handles specially crafted HTML with certain HTML layout combinations it may corrupt system memory in such a way that an attacker could execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the affected user or cause a denial-of-service condition.
Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS06-067 for more details.
Please see Microsoft Security Bulletin MS06-067 for details on these workarounds.
This vulnerability was reported in Microsoft Security Bulletin MS06-067. Microsoft credits Sam Thomas, working with TippingPoint and the Zero Day Initiative for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2006-11-15|
|Date Last Updated:||2006-11-17 18:22 UTC|