
Buffer overflow in Internet Explorer 6

When Microsoft issues a cumulative patch for Internet Explorer on Windows 2000 and XP SP1, you'd expect the patch to solve problems. In the case of MS06-042, however, the patch actually caused problems for some users accessing Web sites with HTTP 1.1 compression, in particular, some versions of PeopleSoft online applications. When a fully patched Internet Explorer 6 browser attempted to contact such a site, the browser crashed, causing a denial-of-service (DoS) attack. However, once the problem became public, it was possible for criminal hackers to craft specially designed Web sites that could also crash the browser and …

Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifically, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.

Additional Resources:

French Security Incident Response Team: ADV-2006-2814
BrowserFun: #15
National Institute of Standards and Technology: CVE-2006-3458

Terminal Services COM object flaw in Internet Explorer 6

A memory corruption flaw in the Terminal Services COM object (tsuserex.dll) affects users of Internet Explorer 6. By instantiating itself as an ActiveX object, a malformed Terminal Services COM object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

ISS X-Force advisory: #28444