Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code.
The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside the boundary of a buffer, creating a heap overflow condition that may allow remote attackers to execute arbitrary code. To exploit this vulnerability, the attacker would craft a malicious web page and convince the user to visit it, either by clicking a link in a web page or a link in an email message.
A remote attacker may be able to execute arbitrary code with the privileges of the user running Internet Explorer.
Apply an update
Microsoft Windows users should use Windows Update to automatically obtain the correct fixes, or apply the relevant patches outlined in Microsoft Security Bulletin MS05-014, described in Microsoft Knowledge Base Article 867282.
Thanks to the Microsoft Corporation for reporting this vulnerability. Microsoft in turn credits Andreas Sandblad of Secunia for reporting the information.
This document was written by Ken MacInnis based primarily on information provided by the Microsoft Corporation.
Date First Published: 2005-02-08
Date Last Updated: 2005-08-22 13:13 UTC