Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service (2)

EDB-ID: 27906
CVE: N/A
Platform: Windows
Date: 2006-05-26

source: https://www.securityfocus.com/bid/18112/info

Microsoft Internet Explorer is affected by a denial-of-service vulnerability. This issue arises because the application fails to properly handle exceptional conditions.

An attacker may exploit this issue by enticing a user to visit a malicious site, resulting in a denial-of-service condition in the application.

This issue results in a NULL-pointer dereference, causing the application to crash. If attackers can manipulate the pointer being dereferenced, code execution may be possible. Note that this has not been confirmed.

Since exploiting this issue requires only standard HTML, it may not be easily mitigated.

Internet Explorer 6 is vulnerable to this issue; other versions may also be affected. This issue will reportedly crash Microsoft Outlook as well.

<applet><h4><title> </title><base>