IFRAME.BoF is a hacking tool used in order to exploit a buffer overrun vulnerability that occurs in Internet Explorer v6.0 running on Windows XP/2000/NT computers, and allows to remotely execute arbitrary code in the vulnerable computer, with the same privileges as the current user.
This vulnerability is rated as extremely critical, and it is caused due to the way in which Internet Explorer handles the attributes SRC and NAME in the HTML tags FRAME, IFRAME and EMBED.
IFRAME.BoF is included in a malicious web page or in an email message in HTML format, which contain executable code. This executable code is automatically run when a buffer overflow occurs while processing a specially crafted IFRAME, FRAME or EMBED tag.
If exploited successfully, IFRAME.BoF allows arbitrary code to be run, which could be of any nature.
As mentioned above, IFRAME.BoF is hosted in web pages or included in email messages in HTML format. In order to exploit the vulnerability, a malicious user would have to entice the user into accessing one of those web pages or opening the email message.
Some variants of the worm Mydoom use IFRAME.BoF in order to affect computers.
If you use Internet Explorer v6.0 on a Windows XP/2000/NT computer, it is recommendable to download and apply the security patch for the vulnerability that IFRAME.BoF exploits. Access the web page for downloading the patch.