CVE-2006-0585

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6.0 SP1 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved through a Shockwave Flash object containing ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, triggering a null dereference.

Recommendations For Microsoft Internet Explorer versions 6.0 SP1 and earlier, consider upgrading to a newer version to resolve the issue. As a temporary workaround, restrict the use of Shockwave Flash objects that contain ActionScript code to minimize the risk of exploitation. Avoid using the document.write function in Javascript until the issue is resolved.