Crash in Internet Explorer 6.0 Sp1
From: David F. Madrid (conde0_at_TELEFONICA.NET)
Date: 05/05/03
- Previous message: Cesar: "Microsoft Biztalk Server DTA vulnerable to SQL injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 5 May 2003 18:39:22 -0300 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Affected product : IE 6.0 Sp1
Vendor Status : the issue will be solved in the next service pack
Description :
Internet explorer can be crashed by clicking on a specially crafted link .
The problem is in the AnchorClick DHTML behaviour of the A ( link )
object . With this behaviour you can specify a Folder instead of using the
href attribute . If you leave this field blank , upon clicking on the link
internet explorer will crash with an access violation when trying to write
to a null pointer . You can test this issue by clicking the link on this
page
http://usuarios.lycos.es/actualidad21/ie_URL_behaviour.html
-- Regards , David F. Madrid Madrid , Spain oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo Delivery co-sponsored by IP3 Inc. oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo SECURITY QUESTIONS? We've got answers...Apply for a scholarship and become TICSA certified. Do not miss your opportunity to discover solutions to what our participants have identified as their top 5 IT Security Challenges. You will return to work better prepared to put into place an effective security strategy utilizing the latest security tools, bookmarks and URL's. <http://www.ip3seminars.com> oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Previous message: Cesar: "Microsoft Biztalk Server DTA vulnerable to SQL injection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
