Microsoft Internet Explorer contains a vulnerability that may allow unintended information disclosure or remote code execution due to a flaw in handling Channel Definition Format (CDF) files.
From the Microsoft Channel Definition Format description:
Channel Definition Format (CDF) files can be used to organize a set of related Web pages into a logical hierarchy. A channel is a Web site described by a Channel Definition Format (CDF) file. The CDF file defines a hierarchy of the pages that are included in the channel. Besides defining the resources in the channel, the CDF file also specifies how each item will be used or displayed, and when the channel should be updated. For more information about CDF files, see the product documentation.
A remote attacker may be able to execute arbitrary code or access otherwise restricted information by crafting a malicious web page, then convincing a user to visit it by clicking on a link or email. The code would execute with the privileges of the user running Internet Explorer.
Apply an update
Thanks to the Microsoft Corporation for reporting this vulnerability.
|Date First Published:||2005-02-08|
|Date Last Updated:||2005-02-09 17:02 UTC|