Reported December 1, 2004, by Microsoft
A vulnerability exists in Microsoft Internet Explorer (IE) that could result in the execution of arbitrary code on the vulnerable system. Heap-based buffer overflow in IE 6.0 allows remote attackers to execute arbitrary code via long SRC or NAME attributes in IFRAME, FRAME, and EMBED elements.
Microsoft has released Security Bulletin MS04-040, "Cumulative Security Update for Internet Explorer (889293)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.
Discovered by Microsoft.