A vulnerability in the way Microsoft Internet Explorer handles malformed DHTML script function calls may allow a remote, unauthenticated attacker to execute arbitrary code.
According to Microsoft Security Bulletin MS06-072:
When Internet Explorer interprets certain DHTML script function calls to incorrectly created elements it may corrupt system memory in such a way that an attacker could execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the compromised user. The attacker could also cause Internet Explorer to crash.
Apply an update from Microsoft
Do not follow unsolicited links
This vulnerability was reported in Microsoft Security Bulletin MS06-072 . Microsoft credits Sam Thomas, working with TippingPoint and the Zero Day Initiative , for providing information about this issue.
|Date First Published:||2006-12-12|
|Date Last Updated:||2006-12-12 19:38 UTC|