CVE-2010-1991

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6.0.2900.2180, 7, and 8.0.7600.16385

Description The issue allows remote attackers to cause a denial of service by launching excessive applications via an HTML document with many IFRAME elements, specifically when an IFRAME element has a mailto: URL in its SRC attribute.

Recommendations For Microsoft Internet Explorer version 6.0.2900.2180, consider disabling the handling of mailto: URLs in IFRAME elements until a patch is available. For Microsoft Internet Explorer version 7, restrict access to IFRAME elements with mailto: URLs to minimize the risk of exploitation. For Microsoft Internet Explorer version 8.0.7600.16385, avoid using the SRC attribute with mailto: URLs in IFRAME elements until the issue is resolved.