
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

IFRAME.BoF

Threat level: High threat | Damage: Severe | Distribution: Not widespread
Common name: IFRAME.BoF
Technical name: Exploit/IFRAME.BoF
Threat level: Medium
Alias: Exploit.HTML.IframeBof,
Type: Hacking Tool
Effects:  

It is used to exploit a buffer overrun vulnerability in Internet Explorer v6.0, which allows arbitrary code to be run. Some variants of the Mydoom worm use IFRAME.BoF to affect computers.

Affected platforms:

Windows XP/2000

First detected on: Nov. 9, 2004
Detection updated on: Nov. 27, 2007
Statistics: No
Proactive protection: Yes, using TruPrevent Technologies

Brief Description

IFRAME.BoF is a hacking tool used to exploit a buffer overrun vulnerability in Internet Explorer v6.0 running on Windows XP/2000/NT computers. The vulnerability allows arbitrary code to be executed remotely on the vulnerable computer, with the same privileges as the current user.

This vulnerability is rated as extremely critical, and it is caused by the way in which Internet Explorer handles the SRC and NAME attributes of the FRAME, IFRAME and EMBED HTML tags.

IFRAME.BoF is included in a malicious web page or in an email message in HTML format that contains executable code. This executable code is run automatically when a buffer overflow occurs while processing a specially crafted IFRAME, FRAME or EMBED tag.
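As an added illustration (not part of the original Panda entry and not Panda's detection logic), the following Python scanner flags FRAME, IFRAME and EMBED tags whose SRC or NAME value is unusually long, which is the pattern the description above ties to this exploit. The 256-character threshold, the function and class names and the sample HTML are assumptions constructed for the example.

```python
from html.parser import HTMLParser

# Assumption: the entry gives no length limit; 256 characters is an
# illustrative threshold for a "suspiciously long" attribute value.
MAX_ATTR_LEN = 256
WATCHED_TAGS = {"frame", "iframe", "embed"}
WATCHED_ATTRS = {"src", "name"}


class OverlongFrameAttrScanner(HTMLParser):
    """Collects FRAME/IFRAME/EMBED tags whose SRC or NAME is overlong."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []  # (line, tag, attribute, value length)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...>
        # and <iframe src=...> are treated the same way.
        if tag not in WATCHED_TAGS:
            return
        line, _col = self.getpos()
        for name, value in attrs:
            if name in WATCHED_ATTRS and value and len(value) > self.max_len:
                self.findings.append((line, tag, name, len(value)))


def scan_html(html, max_len=MAX_ATTR_LEN):
    """Return findings for one HTML document (web page or HTML email body)."""
    scanner = OverlongFrameAttrScanner(max_len)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: harmless filler stands in for the overlong values.
SAMPLE = (
    "<html><body>\n"
    '<iframe src="https://example.com/ok" name="main"></iframe>\n'
    '<IFRAME SRC="https://example.com/' + "A" * 600 + '" NAME="' + "B" * 600 + '"></IFRAME>\n'
    '<embed src="clip.swf" name="player">\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    for line, tag, attr, length in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> {attr} attribute is {length} characters long")
```

A length check like this is a triage heuristic for mail gateways or proxies, not a replacement for applying the patch the entry recommends.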

If exploited successfully, IFRAME.BoF allows arbitrary code to be run, which could be of any nature.

As mentioned above, IFRAME.BoF is hosted in web pages or included in email messages in HTML format. In order to exploit the vulnerability, a malicious user would have to entice the user into accessing one of those web pages or opening the email message.

Some variants of the Mydoom worm use IFRAME.BoF to affect computers.

If you use Internet Explorer v6.0 on a Windows XP/2000/NT computer, it is advisable to download and apply the security patch for the vulnerability that IFRAME.BoF exploits. Access the web page for downloading the patch.

Visible Symptoms

IFRAME.BoF is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.