Source of the Threat

In the previously mentioned security hole in Microsoft Internet Explorer, a buffer overflow in floating frames (the IFRAME tag) allowed an attacker to pass control to the shellcode and take control of the remote machine, after which the target computer could be used in any way (for example, as a bridgehead for further attacks, for sending spam, stealing confidential information, or making free international phone calls).

The list of vulnerable applications included Internet Explorer 5.5 and 6.0 and Opera 7.23 (I didn't test other versions). Other applications are not vulnerable, such as Internet Explorer 5.01 plus Service Pack 3 or Service Pack 4, Internet Explorer 5.5 plus Service Pack 2, Internet Explorer 5.00 under Windows 2000 without service packs, Internet Explorer 6.0 under Windows Server 2003 without service packs, and Internet Explorer 6 under Windows XP plus Service Pack 2.

By default, Internet Explorer doesn't prohibit execution of floating frames in the Internet and intranet zones. To become infected, the victim must open a URL containing hostile code. The situation is different with Outlook Express: HTML messages are opened in the restricted zone, and IFRAME tags are not processed by default. JavaScript cannot cause a buffer overflow on its own when the message is viewed. Thus, to activate the shellcode, the user must click a link within a message. A new version of the MyDoom Internet worm has already appeared that uses this technology for quick propagation. Newer worms are expected to arrive soon, so be alert and do not click links if you are not sure of them.



Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
