Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vulnerability

Due to a flaw in IE's implementation of an HTML directive, it is possible for a remote attacker to execute arbitrary code on a user's system.

MSIE supports a directive to embed document files in webpages. A buffer overflow condition exists in this feature that may allow for remote attackers to execute arbitrary code on client systems. This vulnerability may be exploited to execute arbitrary code through a maliciously constructed webpage or HTML email. Any arbitary code will be executed within the security context of the user running the client.

Successful exploitation of this issue could result in a compromise of the host.


Privacy Statement
Copyright 2010, SecurityFocus