Microsoft IE OVCtl NewDefaultItem Method NULL Dereference

2006-07-19T00:00:00
ID OSVDB:27112
Type osvdb
Reporter OSVDB
Modified 2006-07-19T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to remotely crash an instance of Internet Explorer. The issue is triggered by a null dereference when an ActiveX object is created for Microsoft Office Outlook View Control. This could allow an attacker to create a specially crafted web page that would crash Internet Explorer resulting in loss of integrity.

Technical Description

The flaw is due to the following script code, which triggers a null dereference:

    new ActiveXObject('OVCtl.OVCtl.1').NewDefaultItem()

Only systems with Microsoft Office Outlook installed are affected.
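
A content-inspection check for the trigger described above, as an added example that is not part of the original advisory: it scans the inline scripts of a page for creation of the OVCtl.OVCtl.1 ProgID and a call to NewDefaultItem. The function names and sample pages are constructed for illustration, and the string-folding step is a heuristic, not a JavaScript parser.

```javascript
// Added example (not from the advisory): flag inline scripts that create the
// ProgID and call the method named in the Technical Description above.
const PROGID = 'OVCtl.OVCtl.1';   // from the advisory
const METHOD = 'NewDefaultItem';  // from the advisory

// Return each inline <script> body with the 1-based line where its tag starts.
function extractScripts(html) {
  const blocks = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    blocks.push({ line: html.slice(0, m.index).split('\n').length, code: m[1] });
  }
  return blocks;
}

// Heuristic normalisation: merge adjacent simple string literals joined by "+"
// so a ProgID written in pieces is compared as one string.
function foldConcat(code) {
  const join = /(['"])([^'"\\\n]*)\1\s*\+\s*(['"])([^'"\\\n]*)\3/;
  let prev;
  do { prev = code; code = code.replace(join, "'$2$4'"); } while (code !== prev);
  return code;
}

// One finding per script block that instantiates the control; callsMethod
// records whether the block also invokes NewDefaultItem.
function scanPage(html) {
  const id = PROGID.replace(/\./g, '\\.');
  const create = new RegExp(`new\\s+ActiveXObject\\s*\\(\\s*['"]${id}['"]\\s*\\)`, 'i');
  const call = new RegExp(`\\.\\s*${METHOD}\\s*\\(`, 'i');
  const findings = [];
  for (const { line, code } of extractScripts(html)) {
    const folded = foldConcat(code);
    if (create.test(folded)) findings.push({ line, callsMethod: call.test(folded) });
  }
  return findings;
}

// Constructed sample pages (not captured traffic).
const SAMPLE_FLAGGED = ['<html><body>', '<script>',
  "var o = new ActiveXObject('OVCtl.' + 'OVCtl.1');", 'o.NewDefaultItem();',
  '</script>', '</body></html>'].join('\n');
const SAMPLE_BENIGN = ['<html><body><p>OVCtl.OVCtl.1 is mentioned in text only.</p>',
  "<script>var x = new ActiveXObject('Msxml2.XMLHTTP');</script>",
  '</body></html>'].join('\n');

console.log(scanPage(SAMPLE_FLAGGED), scanPage(SAMPLE_BENIGN));
```

A finding with callsMethod set to false means the control is instantiated without the call the advisory names, which is worth a lower-priority review rather than a block.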

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html
Keyword: MoBB #20
Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_020.html
FrSIRT Advisory: ADV-2006-2915
CVE-2006-3910
Bugtraq ID: 19079