- Important update for Internet Explorer 6 -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, December 2, 2004 - Microsoft has released an update(*) to resolve a
buffer overflow in Internet Explorer 6, which could allow attackers to run
arbitrary code and take control of vulnerable systems.
The buffer overflow occurs in the handling of the SRC and NAME attributes of
IFRAME tags. An attacker could exploit it through a maliciously crafted HTML
document which, when viewed, could allow arbitrary code to be run and give
the attacker remote control of the compromised system.
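For gateways or mail filters that inspect HTML before unpatched clients see it, the following added example (not part of the Panda or Microsoft text) flags IFRAME tags whose SRC or NAME value is unusually long. The 256-character threshold, the function and class names and the sample document are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed threshold: legitimate frame names and URLs are rarely this long.
# It is not a value from the bulletin; tune it against your own traffic.
MAX_ATTR_LEN = 256
WATCHED_ATTRS = ("src", "name")


class IframeAttrScanner(HTMLParser):
    """Records IFRAME tags whose SRC or NAME value exceeds max_len."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IFRAME SRC=...>
        # and <iframe src=...> are treated alike.
        if tag != "iframe":
            return
        line, _col = self.getpos()
        for name, value in attrs:
            if name in WATCHED_ATTRS and value is not None and len(value) > self.max_len:
                self.findings.append({"line": line, "attr": name, "length": len(value)})


def scan_html(text, max_len=MAX_ATTR_LEN):
    """Return one finding per over-long SRC/NAME attribute on an IFRAME tag."""
    scanner = IframeAttrScanner(max_len)
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample: one ordinary frame and one with oversized filler values.
SAMPLE = (
    "<html><body>\n"
    '<iframe src="https://example.com/widget" name="ads"></iframe>\n'
    '<IFRAME SRC="' + "A" * 600 + '" NAME="' + "B" * 600 + '"></IFRAME>\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print("line {line}: IFRAME {attr} is {length} characters".format(**finding))
```

A length check of this kind is only a stopgap heuristic; installing the update is what removes the exposure.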
According to Microsoft, all versions of Internet Explorer 6 are affected on
all Windows platforms -except Windows XP with Service Pack 2-, Windows XP
64-Bit Edition Version 2003, and Windows Server 2003. Given that this
vulnerability is being exploited by certain malicious code -such as variants
of the W32/Bofra worm-, all users whose systems are affected by the
vulnerability are advised to install the patch.
(*) More details about the vulnerability, affected versions and the
downloads of the updates are available in the Microsoft bulletin MS04-040
at: http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx