Microsoft IE MHTMLFile Multiple Property NULL Dereference

2006-07-16T00:00:00
ID OSVDB:27108
Type osvdb
Reporter H D Moore(hdm@metasploit.com)
Modified 2006-07-16T00:00:00

Description

Vulnerability Description

Internet explorer contains a flaw that may allow a remote denial of service. The issue is triggered when setting the "location" property of the 'MHTMLFile' ActiveX object occurs, causing a NULL dereference. This will result in loss of availability for the browser.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Internet explorer contains a flaw that may allow a remote denial of service. The issue is triggered when setting the "location" property of the 'MHTMLFile' ActiveX object occurs, causing a NULL dereference. This will result in loss of availability for the browser.

References:

Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html Keyword: MoBB #16 Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_016.html FrSIRT Advisory: ADV-2006-2831 CVE-2006-3659 Bugtraq ID: 19013