Microsoft IE5 vnd.ms.radio URL Vulnerability

info
discussion
exploit
solution
references

Microsoft IE5 vnd.ms.radio URL Vulnerability

Internet Explorer can handle URLs of type vnd.ms.radio: for streaming audio content. If a URL with 360 or more characters after 'vnd.ms.radio' is specified, a buffer in the file MSDXM.OCX gets overwritten, allowing arbitrary code to be run on the client machine.