Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code.
Internet Explorer allows objects to register exception handlers. These handlers may not properly handle some conditions, which may cause memory corruption.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Apply an update
This issue is addressed in Microsoft Security Bulletin MS06-021. This update removes exception handlers from Internet Explorer.
This vulnerability was reported by Secunia Research, who in turn credit Andreas Sandblad.
This document was written by Will Dormann.
|Date First Published:||2006-06-13|
|Date Last Updated:||2006-06-15 12:05 UTC|