Internet Explorer embed tag src extension buffer overflow

Added: 12/11/2008
CVE: CVE-2008-4261
BID: 32595
OSVDB: 50610

Background

The HTML embed tag allows developers to embed plug-ins in web pages.

Problem

A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a specially crafted filename extension.

Resolution

Apply the update referenced in Microsoft Security Bulletin 08-073.

References

http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx

Limitations

Exploit works on Internet Explorer 5.01.

Platforms

Windows 2000

Back to exploit index