Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1294
https://exchange.xforce.ibmcloud.com/vulnerabilities/17889
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-040
http://www.us-cert.gov/cas/techalerts/TA04-336A.html
http://www.us-cert.gov/cas/techalerts/TA04-315A.html
http://www.securityfocus.com/bid/11515
http://www.securityfocus.com/archive/1/379261
http://www.kb.cert.org/vuls/id/842160
http://secunia.com/advisories/12959/
http://marc.info/?l=bugtraq&m=109942758911846&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028035.html
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/028009.html