First published: Thu May 20 2010(Updated: )
Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Explorer | =8.0.7600.16385 | |
Internet Explorer | =6.0.2900.2180 | |
Internet Explorer | =7 | |
Internet Explorer | =7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-1991 is considered a denial of service vulnerability affecting specific versions of Microsoft Internet Explorer.
CVE-2010-1991 exploits the IFRAME element with a mailto: URL, causing excessive application launches when rendered in the browser.
CVE-2010-1991 affects Microsoft Internet Explorer versions 6, 7, and 8.0.7600.16385.
To mitigate CVE-2010-1991, consider upgrading to a more recent version of Internet Explorer or apply security patches provided by Microsoft.
A potential workaround for CVE-2010-1991 is to disable the use of scripts and IFRAME elements in untrusted web content.