MS.IE.IFRAME.Buffer.Overflow

description-logoDescription

This indicates an attempt to exploit a heap overflow vulnerability in Microsoft Internet Explorer.
There is a heap buffer overflow vulnerability in IE in the handling of the SRC and NAME attributes of FRAME and IFRAME elements. Attackers can execute arbitrary code by sending overly long SRC and NAME attributes. This is possible if a user simply reads an HTML email message containing a URL embedded in the IFrame tag. If the URL is pointing to a file, when the email is opened the user will be prompted with a download dialog box. This issue could be used to initiate the download of malicious files, or exploit other known IE issues.

affected-products-logoAffected Products

Microsoft Internet Explorer version 6.0 and 6.0 SP1.

Impact logoImpact

Denial of service.
System compromise: remote code execution.

recomended-action-logoRecommended Actions

Apply appropriate patches or upgrade the application to the latest non-vulnerable version.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)