The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML <EMBED> directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internet Explorer or execute arbitrary code with the user's privileges.
Web pages and HTML email messages typically contain HTML text, but may include other documents using the <EMBED> directive. For example, a MIDI sound file might be embedded in a web page with the following HTML code:
<EMBED SRC="/path/sound.mid" AUTOSTART="true">
By convincing a user to view a malicious HTML document, an attacker could cause the Internet Explorer HTML rendering engine to crash or execute arbitrary code. This technique could be used to distribute viruses, worms, or other malicious code. Any code executed through this vulnerability would run with the privileges of the user who viewed the HTML document.
AOL Time Warner
The CERT/CC thanks ERRor and DarkZorro of domain Hell and 3APA3A of SECURITY.NNOV for reporting this issue to us.
This document was written by Art Manion and Ian A. Finlay.