CVE-2006-1992

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service crash via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but...

Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Michal Zalewski wrote: Perhaps not surprisingly, there appears to be a vulnerability in how Microsoft Internet Explorer handles or fails to handle certain combinations of nested OBJECT tags. This was tested with MSIE 6.0.2900.2180.xpsp.040806-182...