Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

Flaw may crash Internet Explorer with specially crafted Web pages

This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.

Additional Resources:

  • French Security Incident Response Team: ADV-2006-2814
  • BrowserFun: #15
  • National Institute of Standards and Technology: CVE-2006-3458
Tags:
Mobile
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Discuss Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

    Conversation powered by Livefyre

    Show Comments Hide Comments