An unpatched vulnerability in Internet Explorer could be remotely exploited to launch malicious code, Danish security...
firm Secunia said in an advisory Tuesday.
"The vulnerability is caused due to a boundary error in the handling of certain attributes in the IFRAME html tag," Secunia said. "This can be exploited to cause a buffer overflow via a malicious html document containing overly long strings in the "src" and "name" attributes of the IFRAME tag. Successful exploitation allows execution of arbitrary code."
The company said it has confirmed the vulnerability on fully-patched machines with Internet Explorer 6.0 on Windows XP SP1 and Internet Explorer 6.0 on Windows 2000. The vulnerability does not affect systems running Windows XP with SP2 installed.
Secunia said it has rated the vulnerability "extremely critical" -- its highest risk rating -- because a working exploit has been published on public mailing lists. The company suggested users switch to another product.
The firm credited researcher "ned" with discovering the vulnerability, and credited researcher Berend-Jan Wever with providing additional research.
A Microsoft spokeswoman said Wednesday the company "is investigating new public reports of a possible vulnerability in Internet Explorer. We have not been made aware of any active exploits of the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs."
She criticized those who discovered the vulnerability for not disclosing it "responsively."
"As I've mentioned many times in the past, Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk," she said. "We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities with no exposure to malicious attackers while the patch is being developed."