Internet Explorer DirectX Image Transform Object Denial of Service Vulnerability

Flaw triggers a denial of service (crash) within Internet Explorer on specially crafted Web pages

January 8, 2006 11:08 AM PST

This vulnerability creates a denial of service (crash) within Microsoft Internet Explorer 6 after a victim has been tricked into visiting a malicious Web page. Using the DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property, an error is generated.

Additional Resources:

French Security Incident Response Team: ADV-2006-2832
BrowserFun: #17
National Institute of Standards and Technology: CVE-2006-3657

CNET Update

Google talks back in new voice search

Desktop users can have a conversation with Google search (sort of), the Kwikset Kevo locks doors with a finger tap, and Twitter adds a new twist for marketers.

Play Video