All the latest UK technology news, reviews and analysis
|
|
|
26 Feb 2002
The Computer Emergency Response Team (Cert) today released an advisory warning of yet another vulnerability affecting Microsoft Internet Explorer and Outlook.
A buffer overflow vulnerability in the way Explorer handles embedded objects in HTML documents could allow an attacker to execute arbitrary code on a victim's system.
Further reading
Explorer supports the '<embed>' tags which can be used to include arbitrary objects such as multimedia files, Java applets and ActiveX controls in an HTML document.
The 'src' attribute is used to specify the location of a file, but Cert warned that research by Russian researchers Security.nnov had found that Explorer does not properly handle the attribute.
This means that a maliciously crafted 'src' attribute in a web page or HTML email could trigger a buffer overflow, executing code with the privileges of the user viewing the document.
Microsoft has released a patch, and further information on this problem is available here.
The Cert advisory is available here.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
1329899014.71117-2574 testjobpleaseignore (autoupload...
Embedded C, Linux , RTOS, Agile, MISRA – Embedded...
Software Engineer / Web Developer - Java, JavaScript...
C# , Oracle , Winforms, Junior Software Engineer – Central...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?