Intrusion Prevention

MS.IE.HTML.Tag.Parsing.Memory.Corruption

Description

This indicates a possible attempt to exploit a Memory Corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is related to the handling of certain HTML tags. Attackers can exploit this issue via a malicious web page, to execute arbitrary code in the context of the currently logged-in user. They can also use HTML email for the attack.

Affected Products

Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition

Impact

System Compromise: Remote execution of arbitrary code.

Recommended Actions

Apply the appropriate patch:
http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

CVE References

CVE-2006-1188