Cyrusoft Information for VU#932283
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
- Vendor Information Help Date Notified: 22 Feb 2002
- Statement Date:
- Date Updated: 25 Feb 2002
Our email client Mulberry does not use the core HTML rendering engine library for its HTML display, and so is not affected by the bug in that library. Having looked at the details of this alert I can also confirm that our own HTML rendering engine is not affected by this, as it ignores the relevant tags.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.