Vulnerability in the way IE Handles onLoad Events Could Allow Remote Code Execution

This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible. Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed. Microsoft Security Advisory (911302): Vulnerability in the way Internet Explorer Handles onLoad Events Could Allow Remote Code Execution

Linked by shanmuga Monday, 21st November 2005 11:28PM