Technical Cyber Security Alert TA04-315A – Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code with the privileges of the user running IE. A buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of various elements, including FRAME, IFRAME, and EMBED. Because IE fails to properly check the size of the NAME and SRC attributes, a specially crafted HTML document can cause a buffer overflow in heap memory. Due to the dynamic nature of the heap, it is usually difficult for attackers to execute arbitrary code using this type of vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/35013/TA04-315A.txt
Source: https://packetstormsecurity.com/files/35013/Technical-Cyber-Security-Alert-2004-315A.html