January 12, 2006 9:55 AM PST

Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

Posted by Robert Vamosi Post a comment

This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.

Additional Resources:

French Security Incident Response Team: ADV-2006-2814
BrowserFun: #15
National Institute of Standards and Technology: CVE-2006-3458

Topics:: Browsers and extensions

Tags:: Internet Explorer

Bookmark:: Digg; Del.icio.us; Reddit

Recent posts from Zero Days: Microsoft fixes nineteen flaws in seven patches; all are considered critical updates; Storm Worm strikes again; Windows dynamic DNS update mechanism; Windows Web Proxy Autodiscovery flaw; Windows animated cursor attack

TalkBack
No discussions exist yet.

Click here to be the first to post a comment on this blog

Article discussion: Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

Post a comment

About Zero Days
Zero Days are security threats released before or concurrent with the public disclosure of software vulnerabilities. Our new blog will keep you ahead of the criminal hackers by informing you what you are up against.

Subscribe via RSS
Click this link to view as XML.