- home
- reviews
- news
- downloads
- cnet tv
On TV.com: TOP 10 Shows CANCELED Too Soon
- log in
- join CNET
- welcome,
- my profile
- log out

Hardware

Software & services

Networking & communications

Buying guides

Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays

All free newsletters

CNET Security Center: Your complete source of antivirus and Internet security information.

Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability
Flaw may crash Internet Explorer with specially crafted Web pages.
By Robert Vamosi (July 25, 2006)

QUICK FACTS

Name: Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

Date first reported: 07/18/06

Software vulnerable: Internet Explorer 5.01 through 6

What it does: Causes a denial of service (crash).

Recommendations: None at this time

Exploit code available: No

Vendor patch available: No

This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.

Additional Resources:

French Security Incident Response Team: ADV-2006-2814
BrowserFun: #15
NIST: CVE-2006-3658

Reviews & advice: Site map; Editorial policies; Meet the editors; How we test; Forums; Internet speed test

Popular topics: Apple iPhone; Apple iPod; Cell phones; Dell; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; Customer Help Center; RSS; CNET Widgets; About CNET