A boundary error in the handling of certain attributes in the IFRAME HTML tag is the cause of the vulnerability, Secunia has reported.
This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the tag. Successful exploitation of the error allows execution of arbitrary code. Secunia has confirmed the vulnerability in IE 6.0 on Windows XP and Windows 2000.
The vulnerability is serious because it requires no user interaction. Unlike some threats that necessitate action, such as downloading files, the newest IE hole can be opened without user help.
"When the user has to do absolutely nothing for this vulnerability to be exploited, that's a concern," Kristensen (Secunia) said. Having the exploit code in the wild also raised red flags at Secunia, he added. "We know it's out there, and that's not good."
Microsoft has not issued a patch yet, according to Kristensen, but he is hopeful that the company will take the vulnerability seriously enough to act quickly. "It would be best if they didn't stick with their usual patch cycle for this one," he said.