PT-2006-1646 · Adobe+1 · Shockwave Flash+1

Published

2006-02-08

Updated

2021-07-23

CVE-2006-0585

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6.0 SP1 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved through a Shockwave Flash object containing ActionScript code that calls VBScript, which in turn calls the Javascript document.write function, triggering a null dereference.

Recommendations For Microsoft Internet Explorer versions 6.0 SP1 and earlier, consider upgrading to a newer version to resolve the issue. As a temporary workaround, restrict the use of Shockwave Flash objects that contain ActionScript code to minimize the risk of exploitation. Avoid using the document.write function in Javascript until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0585

Affected Products

Internet Explorer

Shockwave Flash

PT-2006-1646 · Adobe+1 · Shockwave Flash+1

CVE-2006-0585

Related Identifiers

Affected Products

References · 5