A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system.
A programming error in the way that Internet Explorer handles multiple event handlers in an HTML element results in an array out-of-bounds memory access. This error results in a vulnerability that could allow an attacker to execute code on a vulnerable system. An attacker could exploit this vulnerability by constructing a malicious web page and tricking or persuading a user to visit the malicious site.
A remote attacker can cause a vulnerable version of the browser to crash. In some cases, it may also be possible for the attacker to execute code of their choosing on an affected system. The attacker-supplied code would be executed with the permissions of the user running the vulnerable version of the browser.
Apply a patch
Michal Zalewski publicly reported this vulnerability.
This document was written by Chad R Dougherty.
|Date First Published:||2006-04-11|
|Date Last Updated:||2006-04-11 20:00 UTC|