CVE-2008-4261

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4, 6 SP1 Microsoft Internet Explorer version 6 on Windows XP and Server 2003

Description: The issue arises from a stack-based buffer overflow that occurs when Microsoft Internet Explorer does not properly handle extraneous data associated with an object embedded in a web page. This allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption. A remote code execution vulnerability exists in the way Internet Explorer embeds objects into a Web page, which could be exploited by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution, potentially giving an attacker the same user rights as the logged on user.

Recommendations: For Microsoft Internet Explorer version 5.01 SP4, update to a version that properly handles object embedding to prevent memory corruption. For Microsoft Internet Explorer version 6 SP1, ensure that all web pages are thoroughly validated to prevent exploitation of the buffer overflow. For Microsoft Internet Explorer version 6 on Windows XP and Server 2003, restrict access to potentially malicious web pages until a proper fix is applied.