Microsoft IE DirectAnimation.DAUserData Data Property NULL Dereference

2006-07-08T00:00:00
ID OSVDB:27013
Type osvdb
Reporter Hdm()
Modified 2006-07-08T00:00:00

Description

Vulnerability Description

Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a call to DirectAnimation.DAUserData with a NULL pointer is referenced by the 'Data' property, and will result in loss of availability for the browser.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a call to DirectAnimation.DAUserData with a NULL pointer is referenced by the 'Data' property, and will result in loss of availability for the browser.

References:

Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-9-directanimationdauserdata-data.html Keyword: MoBB #9 ISS X-Force ID: 27622 Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_009.html FrSIRT Advisory: ADV-2006-2719 CVE-2006-3513 Bugtraq ID: 18902