Crash in Internet Explorer 6.0 Sp1

2007.10.25

Credit: David F. Madrid

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2003-1484

CWE: N/A

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

Affected product : IE 6.0 Sp1
Vendor Status : the issue will be solved in the next service pack
Description :
Internet explorer can be crashed by clicking on a specially crafted link .
The problem is in the AnchorClick DHTML behaviour of the A ( link )
object . With this behaviour you can specify a Folder instead of using the
href attribute . If you leave this field blank , upon clicking on the link
internet explorer will crash with an access violation when trying to write
to a null pointer . You can test this issue by clicking the link on this
page
http://usuarios.lycos.es/actualidad21/ie_URL_behaviour.html
--
Regards ,
David F. Madrid
Madrid , Spain

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Crash in Internet Explorer 6.0 Sp1

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.