CVE-2006-7206

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service crash by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString...

Microsoft IE ADODB.Recordset NextRecordset拒绝服务漏洞

Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer在处理带有畸形恶意JavsScript代码的网页时存在漏洞，远程攻击者可能利用此漏洞导致IE崩溃。 如果在网页中使用超长字符串反复的调用NextRecordset方法的话，就会触发SysFreeString函数中的无效内存访问，导致IE拒绝服务。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 来源：H D Moore （[email protected]）...