Security researchers are warning that exploit code is circulating for a newly discovered security vulnerability...
in Microsoft's Internet Explorer web browser.
An error in the way IE handles some attributes of the "iframe" and "frame" HTML tags can be exploited to cause a buffer overflow and execute malicious code on a PC. The vulnerability could be exploited via a specially crafted HTML document including an e-mail message or a web page, according to an advisory from US-CERT.
The bug has been confirmed in IE 6.0 on a fully patched Windows XP with Service Pack 1 and IE 6.0 on a fully patched Windows 2000, according to an advisory from Danish security firm Secunia.
Programs using the WebBrowser ActiveX control, including Outlook, Outlook Express, AOL and Lotus Notes, may also be affected.
While Microsoft has not yet issued a patch, the bug appears to be a selling point for the widely touted Service Pack 2 (SP2) - systems running SP2 do not appear to be affected.
The bug could be particularly serious because a working exploit has been published on public mailing lists, according to Secunia. Such an exploit could make it far easier for a malicious user to launch an attack.
Written by Techworld staff