Crash in Internet Explorer 6.0 Sp1

From: David F. Madrid (conde0at_private)
Date: Mon May 05 2003 - 14:41:03 PDT

Next message: securityat_private: "Security Update: [CSSA-2003-018.0] OpenLinux: file command buffer overflow"

Previous message: securityat_private: "Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Affected product : IE 6.0 Sp1

Vendor Status : the issue will be solved in the next service pack

Description :

Internet explorer can be crashed  by clicking on a specially crafted link .
The problem is in the AnchorClick DHTML behaviour of the A ( link )
object . With this behaviour you can specify a Folder instead of using the
href attribute . If you leave this field blank , upon clicking on the link
internet explorer will crash with an access violation when trying to write
to a null pointer . You can test this issue by clicking the link on this
page

http://usuarios.lycos.es/actualidad21/ie_URL_behaviour.html


-- 
Regards ,

David F. Madrid
Madrid , Spain

Next message: securityat_private: "Security Update: [CSSA-2003-018.0] OpenLinux: file command buffer overflow"
Previous message: securityat_private: "Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 06 2003 - 09:01:59 PDT