Internet Explorer "FolderItem" Object Access Remote Denial of Service Vulnerability

Flaw may crash Internet Explorer with specially crafted Web pages

Mobile

This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.

Additional Resources:

  • French Security Incident Response Team: ADV-2006-2814
  • BrowserFun: #15
  • National Institute of Standards and Technology: CVE-2006-3458
Close
Drag
Autoplay: ON Autoplay: OFF