PT-2006-1608 · Microsoft · Internet Explorer
Published: 2006-02-04 · Updated: 2008-09-05
CVE-2006-0544
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Internet Explorer version 7.0 beta 2 (aka 7.0.5296.0)
Description
The issue allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. This is achieved by using a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
Recommendations
For Internet Explorer version 7.0 beta 2, consider avoiding the use of BGSOUND elements with SRC attributes that could trigger this issue until a fix is available. As a temporary workaround, restrict the handling of "file://" URLs in the application to minimize the risk of exploitation.
Affected Products
Internet Explorer