CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.0%
Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of columns was passed in the counter would overflow. When this counter was subsequently used to allocate memory for the frameset, the memory buffer would be too small, potentially resulting in a heap buffer overflow and execution of attacker-controlled memory.