vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Memory Corruption
119
CWE
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 6
Affected Version To: Microsoft Internet Explorer 6
Patch Exists: NO
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2005
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content. An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.
Mitigation:
Users should avoid visiting untrusted websites and should not open HTML emails from untrusted sources.
