Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service (2)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1055718 漏洞类型
发布时间 2006-05-26 更新时间 2006-05-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/27906
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/18112/info

Microsoft Internet Explorer is affected by a denial-of-service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner.

An attacker may exploit this issue by enticing a user to visit a malicious site, resulting in a denial-of-service condition in the application.

This issue results in a NULL-pointer dereference, causing the application to crash. If attackers can manipulate the pointer being dereferenced, code execution may be possible. Note that this has not been confirmed.

Since exploiting this issue requires only standard HTML, it may not be easily mitigated.

Internet Explorer 6 is vulnerable to this issue; other versions may also be affected. This issue will reportedly crash Microsoft Outlook as well.

<applet><h4><title> </title><base>