Breaking its normal security patch cycle, Microsoft has rushed out a fix for a critical bug in Internet Explorer versions from 6.0 up to but not including Windows XP Service Pack 2 (SP2). The bug in question is in the way IE handles two attributes of the "frame" and "iframe" HTML elements, which has already been exploited using overly long SRC and NAME attributes to cause IE to execute an attacker's shell code.
|