Vulnerability Note VU#984473
Microsoft Internet Explorer contains overflow in processing script action handlers
A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system.
A programming error in the way that Internet Explorer handles multiple event handlers in an HTML element results in an array out-of-bounds memory access. This error results in a vulnerability that could allow an attacker to execute code on a vulnerable system. An attacker could exploit this vulnerability by constructing a malicious web page and tricking or persuading a user to visit the malicious site.
A remote attacker can cause a vulnerable version of the browser to crash. In some cases, it may also be possible for the attacker to execute code of their choosing on an affected system. The attacker-supplied code would be executed with the permissions of the user running the vulnerable version of the browser.
Apply a patch
Microsoft has published patches for this issue in Microsoft Security Bulletin MS06-013. Users are encouraged to review this bulletin and apply the patches it refers to.
If you are a vendor and your product is affected, let
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Unknown||16 Mar 2006||11 Apr 2006|
Michal Zalewski publicly reported this vulnerability.
This document was written by Chad R Dougherty.
16 Mar 2006
Date First Published:
11 Apr 2006
Date Last Updated:
11 Apr 2006
If you have feedback, comments, or additional information about this vulnerability, please send us email.