Phuong Nguyen

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6.0 SP1 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash due to memory corruption. This is achieved through certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows. An example of such a malformed CSS element is the "<STYLE>@;/*" string. The cause may be attributed to a missing comment terminator, potentially leading to an invalid length that triggers a large memory copy operation. Recommendations: For Internet Explorer versions 6.0 SP1 and earlier, consider disabling the processing of CSS elements until a patch is available. Restrict access to potentially malicious web content to minimize the risk of exploitation.