PT-2006-4594 · Microsoft · Internet Explorer 6+2
Publicado
2006-07-19
·
Atualizado
2021-12-13
·
CVE-2006-3729
CVSS v2.0
2.6
Baixa
| Vetor | AV:N/AC:H/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Internet Explorer 6 on Windows XP SP2 with Office installed
Description
The issue allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the
getDataMemberName method of a OWC11.DataSourceControl.11 object. This leads to an integer overflow and a null dereference.Recommendations
For Internet Explorer 6 on Windows XP SP2 with Office installed, consider avoiding the use of the
getDataMemberName method with large negative integer arguments until a fix is available. As a temporary workaround, restrict the input to the getDataMemberName method to prevent large negative integers from being passed.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Internet Explorer 6
Office
Windows Xp