Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service

EDB-ID:

22518

CVE:





Platform:

Windows

Date:

2003-04-22


source: https://www.securityfocus.com/bid/7402/info

The 'shlwapi.dll' dynamic link library causes a calling application to fail when it attempts to render certain malformed HTML tags. This appears to be due to an attempt to perform a string comparison where one of the strings is a null pointer. It has been reported that this vulnerability could not be exploited to cause code execution. 

<html>
<form>
<input type crash>
</form>
</html>