This vulnerability sounds like a classic parser buffer overflow. The advisory actually includes information regarding two distinct vulnerabilities. But only one of them allows arbitrary code execution.
As with similar vulnerablities, the user has to expose the browser to malicious XML code. This could happen by visiting a compromissed site. Once the browser is exposed to the exploit, it will inherit all the privileges of the user running the browser.
I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Winter 2019
Oct 10th 2006
1 decade ago